Wednesday, September 11, 2013

Google Operating System, Phishing Site?

If you use Opera to visit the site, you'll probably see this warning: "This site has been reported as fraudulent. Exchanging sensitive or confidential information with this site could put you at risk for identity theft and/or financial fraud. Opera Software strongly discourages visiting this page."


Opera uses Netcraft's phishing blacklist. You'll get a similar warning if you install Netcraft's toolbar:


Netcraft's site report page doesn't provide much useful information. I could only find that the Google OS blog has a 5/10 risk rating, but the rating varies depending on the URL. The recent post about the Google logo has a 7/10 risk rating.


Many factors contribute to the risk rating of each site. The dominant factor for most sites is the age of the domain name in which the site appears. Domain names that have never been seen in the Netcraft Web Server Survey are given a high risk rating, since many phishing sites and relatively few legitimate sites fall into this category. Other factors which can influence the risk rating include:

* Any other known phishing sites in the same domain.
* Whether a hostname or a numeric IP address is used in the URL.
* Whether or not a port number appears in the URL.
* The hosting ISP's history with respect to phishing sites.
* The hosting country's history with respect to phishing sites.
* The top level domain's history with respect to phishing sites.
* The site's popularity with Netcraft Extension users.

So just because other Blogger blogs are used for phishing, Netcraft decided that this is a phishing site? It's hard to say. Google's official blog has a 0/10 risk rating, while a random blog like googlelatlong.blogspot.com (it's not Google's Maps blog) has a 7/10 risk rating, but there's no warning.
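The factors in the list that can be read from the URL itself, and the effect of how "the same domain" is scoped on a shared host such as blogspot.com, shown as an added example (not Netcraft's code and not part of the original post). The host names, the shared-hosting set and the grouping rule are constructed assumptions; the page does not give Netcraft's actual weighting, so no score is computed.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data (assumptions, not Netcraft's real lists).
SHARED_HOSTING_SUFFIXES = {"blogspot.com"}  # every subdomain has a different owner
KNOWN_PHISHING_HOSTS = {"login-update.blogspot.com", "secure-pay.example.net"}

def is_numeric_ip(host):
    """True when the URL uses an IPv4/IPv6 literal instead of a hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def grouping_domain(host, per_subdomain):
    """Name used to decide which hosts count as 'the same domain'."""
    if is_numeric_ip(host):
        return host
    labels = host.lower().rstrip(".").split(".")
    for suffix in SHARED_HOSTING_SUFFIXES:
        n = len(suffix.split("."))
        if len(labels) > n and ".".join(labels[-n:]) == suffix:
            # Shared host: treat each blog as its own site, or lump them together.
            return ".".join(labels[-(n + 1):]) if per_subdomain else suffix
    # Simplification: last two labels. Real code would use the Public Suffix List.
    return ".".join(labels[-2:])

def url_factors(url, per_subdomain=True):
    """Extract the factors from the list that are visible in the URL itself."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    group = grouping_domain(host, per_subdomain)
    neighbours = sorted(
        h for h in KNOWN_PHISHING_HOSTS
        if h != host and grouping_domain(h, per_subdomain) == group
    )
    return {
        "numeric_ip": is_numeric_ip(host),
        "explicit_port": parts.port is not None,
        "group": group,
        "phishing_neighbours": neighbours,
    }

if __name__ == "__main__":
    blog = "http://harmless-blog.blogspot.com/2013/09/post.html"  # constructed URL
    for flag in (False, True):  # lumped by blogspot.com, then scoped per blog
        print(flag, url_factors(blog, per_subdomain=flag))
    print(url_factors("http://192.0.2.10:8080/login"))  # constructed URL
```

With `per_subdomain=False` the harmless blog inherits a phishing neighbour from an unrelated Blogger subdomain; with `per_subdomain=True` it has none.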

A site that lets you check multiple anti-phishing blacklists is the Google-owned VirusTotal. "VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware." VirusTotal reported that there are 3 services that flag the Google OS blog: Opera, Netcraft and Kaspersky. They probably have the same source.


Here's Kaspersky's "access denied" message:


Ironically, a recent blog post on Kaspersky's site says: "Kaspersky's product blocked 99 percent of the 187 phishing websites while producing zero false alarms among the 400 legitimate URLs, earning first place among its competitors with an Advanced + award from AV-Comparatives."

I used Netcraft's browser extension to report that the URL was flagged by mistake and received this message after a few minutes: "Thank you for your enquiry. Following a review of the URL in question, I have unblocked the URL from the toolbar. Please allow a short period of time for the changes to propagate."


{ Thanks, Josh Rich. He reported this issue. }
