This month, experts at Websense reported a spike in the user-created sites hosting phishing schemes, such as one for eBay, Dan Hubbard, vice president of security research at San Diego-based Websense, told SCMagazine.com.
Attackers are drawn to the Google Pages, which are hosted on Google servers, because they may evade web filters. The sites may not be blacklisted because "Google has a good reputation as a brand. It’s not a bad domain hosted in China or Eastern Europe," Hubbard said.
There are a number of other factors that may attract the malicious community to Google Pages, AJAX-enabled websites released in 2006 that offer users the ability to upload dynamic content.
"Google has a phenomenal infrastructure so the server is not going to go down," Hubbard said. "You can also do it anonymously. It’s free. There’s tons of space available."
He added that some attackers have created a script that allows them to automatically create these websites to be used in phishing attacks. Google needs to do a better job of scanning content, Hubbard said.
Google, in a statement, said the search engine giant has defenses in place to prevent against its hosted websites being misused.
"We take user security and safety very seriously," the statement said. "As part of our efforts to protect users, we proactively check uploaded content for malware and viruses. In addition, when we are notified of phishing or other malicious or illegal content, we work quickly to remove it."
Last year, Websense reported that Google servers were being used to host malicious binary files that tried to infect users.
Hubbard said the new brand of phishing attacks is one of a variety of techniques scammers use. Others set up the attacks on their own servers, compromise legitimate sites or use bots.
Organisations should deploy solutions to scan possibly malicious websites and educate end-users to not click on unknown links in emails or instant messages, he said.
Google Pages hosting phishing attacks
By Dan Kaplan on Jun 26, 2007 9:23AM