Phree Phishing - Michael Sutton's Blog
Phree Phishing

I recently blogged about the phishing pages that I found during a Tour of the Google Blacklist. In that posting I noted how I was surprised to find that Yahoo! was actually hosting phishing sites designed to phish Yahoo! credentials. Not surprisingly, Yahoo! quickly removed the pages that I'd pointed out. When questioned about the issue by Network World news editor Paul McNamara, Yahoo! stated that they "proactively scan hosted sites for potential phishing activity and deactivate suspicious sites" and that they "are continually improving and modifying [their] efforts to remain at the forefront of the industry". Fair enough, perhaps Yahoo! had not been aware of the Google blacklist and my blog posting had encouraged them to add monitoring the list to their "use of enhanced technologies, industry collaboration, public policy efforts, and increasing consumer awareness", which they are apparently employing to combat phishing. I therefore revisited the Google blacklist today and was disappointed to see that it still includes active phishing sites hosted by Yahoo! Geocities. The good news for Yahoo! - they're far from being the worst offender.

This time around, I decided to see which hosting providers are aiding phishers by maintaining their websites - for free. To do this, I spent a couple of hours sifting through various publicly available resources including search engines, phishing archives, the Google Blacklist and the Google Hashed/Encoded Blacklist. Sadly, I found that most free hosting providers are contributing to the problem of phishing. Given that I was able to find dozens of sites with minimal effort and no special resources, it is clear to me that the hosting providers are making no effort whatsoever to combat this problem. Why? Do they lack the resources? Is the challenge too difficult? I have a different theory. I believe that they benefit from the ad revenue that these web pages provide. They choose not to combat the problem because they are profiting from it.

What can be done to change this? Hosting providers must be held responsible for the content that is hosted on their servers. Companies such as HSBC, MySpace, Microsoft (Hotmail) and eBay were among the targets of the phishing sites that I investigated. It is their clients that are paying the price for this and it is therefore time that such companies took action. MySpace has repeatedly removed content when facing legal action for copyright infringement. I suspect that the free hosting providers would try a little harder if they likewise faced legal action for their negligence when combating phishing.

Below, from least to most prolific offender, are the free hosting sites that I uncovered this evening. All were active phishing sites at the time of this posting.

FreeWebPage.org

http://mypics4u6969.freewebpage.org/mypics2.html

50 Megs

http://sgi.com.50megs.com/SWcgi3-bin0-ISAPIdll-viewtheitem-4583745438.htm

Tripod (Lycos)

http://jokaowns.tripod.com/
http://daulamoe.tripod.com/

Geocities (Yahoo!)


...and by far the worst offender (I stopped at 50+, but there's plenty where that came from)...

Angelfire (Lycos)

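One way to reproduce the "least to most prolific" ranking above from a blacklist feed, as an added example that is not part of the original post: map each URL to its free hosting provider (some providers put the user's site in a subdomain, others in the path, and phishers often pick a subdomain that mimics a brand) and count per provider. The provider tables and the sample URLs are constructed for the example.

```python
from collections import Counter
from urllib.parse import urlsplit

# Free hosts that place the user's site in the path: host/area/user/...
PATH_STYLE = {
    "geocities.com": "Geocities (Yahoo!)",
    "angelfire.com": "Angelfire (Lycos)",
}
# Free hosts that place the user's site in a subdomain: user.host
SUBDOMAIN_STYLE = {
    "tripod.com": "Tripod (Lycos)",
    "50megs.com": "50 Megs",
    "freewebpage.org": "FreeWebPage.org",
}

def provider_of(url):
    """Return the free hosting provider name for a URL, or None if it is not one we track."""
    host = (urlsplit(url).hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    if host in PATH_STYLE:
        return PATH_STYLE[host]
    # A brand-looking prefix such as brand.com.50megs.com is still the free host's domain.
    for suffix, name in SUBDOMAIN_STYLE.items():
        if host == suffix or host.endswith("." + suffix):
            return name
    return None

def rank_providers(urls):
    """Count blacklisted URLs per provider; return (provider, count) pairs, least prolific first."""
    counts = Counter()
    for url in urls:
        provider = provider_of(url)
        if provider is not None:
            counts[provider] += 1
    return sorted(counts.items(), key=lambda item: (item[1], item[0]))

# Constructed sample feed (not real phishing URLs); one entry is not on a free host at all.
SAMPLE_URLS = [
    "http://someone.freewebpage.org/pics.html",
    "http://brand.com.50megs.com/viewitem.htm",
    "http://user1.tripod.com/", "http://user2.tripod.com/",
    "http://www.geocities.com/sample_a/", "http://www.geocities.com/sample_b/album.html",
    "http://www.geocities.com/sample_c/",
    "http://www.angelfire.com/area1/sample_d/", "http://www.angelfire.com/area2/sample_e/login.html",
    "http://www.angelfire.com/area3/sample_f/", "http://www.angelfire.com/area4/sample_g/",
    "http://www.example.com/not-a-free-host/",
]

def rank_sample():
    return rank_providers(SAMPLE_URLS)
```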

Why can't we all just get along?

- michael


Posted 02-09-2007 1:15 AM by erik.peterson

Comments

t'Sade wrote re: Phree Phishing
on 02-09-2007 9:27 AM

There is an interesting problem with providers being responsible. As soon as they are responsible for one thing, they lose the protection they have from the laws and they become responsible for EVERYTHING on their sites, which means they pretty much have to patrol it constantly and keep up to date with every single law in just about every state (and in some other countries, I wouldn't be surprised).

And, companies will err on the side of not being dragged into court, so they will start to remove content they think might cause a problem, which would significantly limit the amount of content that may be useful/helpful/intelligent out there.

BelchSpeak wrote re: Phree Phishing
on 02-09-2007 12:59 PM

It's a great point about MySpace and other sites such as Google and YouTube scrambling to remove content if it violates copyright. Maybe that's because the copyright holders have demonstrated that they have armies of trained lawyers to go after offenders.

Yet when it comes to offensive and illegal content and conduct on member pages, these same groups drag their collective feet. Whether it's phishing or the failure to age-verify children on social network sites, it is indeed true that the responsibility falls on the hosting providers.

Microsoft chat closed down due to the prevalence of child predators in its chat rooms.

Paul McNamara wrote re: Phree Phishing
on 02-10-2007 3:54 AM

An interesting analysis, Michael. And the suggestion that this negligence isn't really negligence, but a willful blind eye motivated by profit raises all kinds of additional questions. I talk about some of them on my blog entry about what you found:

http://www.networkworld.com/community/?q=node/11355

Paul McNamara wrote re: Phree Phishing
on 02-15-2007 3:32 PM

Hi Michael: Lycos finally got back to me with a statement. Here it is, as well as an update on those Angelfire sites that you flagged:

http://www.networkworld.com/community/?q=node/11559