Phishers automate attacks using 'Google hacking'
PrintWhy pay when you can pwn?
Posted in Software & Security, 2nd March 2009 10:00 GMT
Free whitepaper – Managing desktop software for fun and profit
Three in four phishing sites are hosted on compromised servers, according to a new survey.
A study of 2,486 fraudulent websites found that 76 per cent were housed on hacked webservers, typically pwned after hackers identified well-known vulnerabilities using search engine queries. Free web hosting for fraudulent websites was used in just 17.4 per cent of cases.
The paper, called Evil Searching: Compromise and Recompromise of Internet Hosts for Phishing, by security researchers Tyler Moore and Richard Clayton, also found that a sizeable minority of compromised systems were serial victims of attack.
One in five (19 per cent) were hit again less than six months after a phishing-related hack attack. That's because legitimate owners might turf out fraudsters from their systems but they often fail to fix underlying vulnerabilities that let them in.
The study can be found here (PDF). More commentary on the study can be found in a posting by Richard Clayton on the Light the Blue Touchpaper Blog here. ®
Free whitepaper – Managing desktop software for fun and profit
Managing desktop software for fun and profit
Analyst Keynote: The Register Agile Data Center Summit
Dell PowerEdge R710 solution with VMware ESX vs. Dell PowerEdge 2850 solution
Seven ways to lower storage costs
Sign up, sign up for The Register IT security newsletter
Microsoft's Windows 7 price gamble - and why it's flawed
Managing Desktop Software for fun and profit
Intel's flash new SSDs hit by bugs