76% of phishing sites hosted on hacked servers

ZDNet’s Dancho Danchev is pointing to a new research paper (.pdf) that shows that 75.8% of the phishing sites analyzed (2486 sites) were hosted on compromised web servers to which the phishers obtained access through Google hacking techniques (search engine reconnaissance).

Dancho writes:

The research also indicates that not only are legitimate sites (unknowingly) providing hosting services to scammers, but also that 19% of the vulnerable sites that they’ve analyzed were recompromised within six months. 

This efficient exploitation approach using “evil searches” is in fact so efficient, that the majority of large scale SQL injection attacks that took place in 2008 were performing automatic search engine reconnaissance and later on exploiting the affected sites.

The takeaway:

The bottom line – if you don’t take care of your web application based vulnerabilities, someone else will. And yes, they will come back six months later to find out whether the web servers still remain vulnerable.