A Tour of the Google Blacklist

I recently decided to devote a day to walking through the Google Blacklist. While some of the findings were to be expected, others proved somewhat surprising. The Google Blacklist is a listing of URLs suspected to be phishing sites. It is used by the Google Safe Browsing for Firefox extension, which is now part of the Google Toolbar for Firefox. It is also leveraged by the Firefox 2 web browser. Google maintains a number of different safe browsing lists to combat phishing, including a URL blacklist, an encoded/hashed blacklist, a URL whitelist, a domain whitelist and a sandbox text list, which contains keywords included in URLs. While Google doesn't reveal exactly how these lists are developed, it's clear that user input is an important variable, given that both the Google Toolbar and Firefox 2 allow for optional user feedback when phishing sites are encountered.

My hope was that this exercise would provide some insight into current phishing attacks, and it certainly did. The blacklist is continuously updated, and specific versions can be requested by including the required major:minor version in the GET request. The full listing (1:1) contained primarily outdated URLs, as 86% of the pages or sites were no longer available. While I would like to think that the existence of Google's blacklist had contributed to the demise of these sites, phishing sites tend to emerge and disappear quickly, so I suspect that this is just a natural part of the phishing cycle.

Michael Sutton's Blog: A Tour of the Google Blacklist

