The full listing (1:1) contained primarily outdated URLs as 86% of the pages or sites were no longer available. While I would like to think that the existence of Google’s blacklist had contributed to the demise of these sites, phishing sites tend to emerge and disappear quickly, so I suspect that this is just a natural part of the phishing cycle. I had expected to see a combination of social engineering attacks, known vulnerabilities and 0day attacks used on the sites with the majority falling into the first category. I was therefore somewhat surprised to find virtually all sites using straight social engineering attacks. I was also surprised to see that the top three targets - eBay, PayPal and Bank of America accounted for 63% of the active phishing sites. One amusing finding was that Yahoo! commonly hosts pages that phish…wait for it…Yahoo! credentials. A breakdown of the full findings can be found below.

Michael Sutton’s Blog : A Tour of the Google Blacklist

Original post by sportsnut

Additional Reading

• Own An iPhone? Want One?
• !دروس في أمن المعلومات من الدميه باربي
• Apple fixes more QuickTime media flaws
• Ask.com is not asking “Will Privacy Sell”
• Smart card deployment: How to know if it’s smart for your enterprise
• Countrywide CEO - Selling shares and pitching bigger subsidies
• Cookie forgery tools pose danger, says researcher
• IBM releases simplified Tivoli Identity Manager
• Defeating the Shoe Scanning Machine at Heathrow Airport
• Mu Security Analyzer busts vulnerabilities with the greatest of ease