Google Anti-Phishing Black and White Lists

Wednesday, September 13, 2006

Google Anti-Phishing Black and White Lists

Can the world's most effective search engine manage to keep questionable sites away from the search results of its users? Seems like its toolbar users are also warned about such. Google for sure got the widest and most recent snapshot of the Web to draw up conclusions from, and seems like starting from the basics of keeping a black and white list with questionable sites/URLs is still taken into consideration. Googling Google proves handy sometimes and you can stumble upon interesting findings such as Google's Black -- cache version -- and White lists of phishing and possible fraudelent sites -- there's still a cached version of the White list available and the white domains as well.

As I often say that the host trying to 6667 its way out of the network today, will be the one sending phishing and spam mails tomorrow, therefore in order to verify I took a random blacklisted host such as http://219.255.134.12/fdic.gov/index.html.html and decided to first test it at TrustedSource, and of course, at the SORBS to logically figure out that the host's has been indeed :

"Spam Sending Trojan or Proxy attempted to send mail from/to from= to="

What's ruining the effect of black and white lists? With today's modular malware -- and DIY phishing toolkits -- the list of IP's currently hosting phishing sites can become a decent time-consuming effort to keep track of, namely black lists can be sometimes rendered useless given how malware-infected hosts increasingly act as spamming, phishing, and botnet participating ones -- if ISPs were given the incentives or obliged to take common sense approaches for dealing with malware infected hosts, it would make a difference. As far as the white lists are concerned, XSS vulnerabilities on the majority of top domains, and browser specific vulnerabilities make their impact, but most of all, it's a far more complex issue than black and white only.

Another recent and free initiative I came across to, is the Real-Time Phishing Sites Monitor, which may prove useful to everyone interested in syndicating their findings.

Third-party anti-phishing toolbars, as well as anti-phishing features build within popular toolbars are not the panacea of dealing with phishing attacks. A combination of them and user awareness, thus less gullible user is the way.

Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com

Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

Wednesday, September 13, 2006

Google Anti-Phishing Black and White Lists

No comments:

Post a Comment