As of 1st January 2009, the Netcraft Toolbar community has blocked 1.9 million phishing attacks. To provide an incentive for the community to send us reports of phishing sites, reporters now receive the following goodies from Netcraft:
Netcraft Mug (after 100 validated phishing reports) Netcraft Polo Shirt (after 400) Targus Laptop Backpack (after 1,000) Top of the range iPod (after 4,000)
To report phishing sites to us, use the form at http://toolbar.netcraft.com/report_url
Upon reaching 4,000 you become eligible for a monthly competition to incentivise large reporters.
To track the progress, we have a leaderboard displaying the people with the largest number of accepted reports so far this month, identified by their first names to preserve their anonymity.
The Netcraft Toolbar, which is available for both Internet Explorer and Firefox, serves as a giant neighborhood watch scheme for the Internet: members who encounter a phishing fraud can act to defend the larger community of users against the attack. Once the first recipients of a phishing mail have reported the target URL, it is blocked for toolbar users who subsequently access the URL and widely disseminated attacks simply mean that the phishing attack will be reported and blocked sooner.
Looking back at 2008, Netcraft has seen phishing attacks evolve, with fraudsters using progressively sneakier tactics:
- October 2008 saw an attack against Yahoo! which was used to steal authentication cookies from its users. The cross-site scripting vulnerability on Yahoo!'s own website allowed the fraudster to steal the details simply as a result of a victim visiting the page.
- The two-edged nature of how browsers present Extended Validation (EV) SSL certificates was highlighted after a cross-site scripting vulnerability was demonstrated on paypal.com. This flaw would have allowed hackers to carry out highly plausible attacks, adding their own content to the site and stealing credentials from users.
- Phishers branched out into telephone phishing. Victims were asked to phone a toll free number to reactivate their card.
- Fraudsters found a cross-site scripting vulnerability on an Italian bank's website. This was used to orchestrate an attack against the bank, using its own HTTPS website URL.
- Backdoored phishing kits have been deployed by criminal programmers wishing to reduce their workload by getting novice fraudsters to deploy the kits onto websites and send the phishing emails. Netcraft later reported a large range of different phishing kits being offered by the same group.
Rank Company site OS Outage
DNS Connect First
Total 1 New York Internet FreeBSD 0:00:00 0.014 0.011 0.039 0.080 0.212 2 www.westhost.com Linux 0:00:00 0.014 0.001 0.058 0.119 0.238 3 Hosting 4 Less Linux 0:00:00 0.019 0.056 0.060 0.124 0.249 4 www.green.ch F5 Big-IP 0:00:00 0.019 0.202 0.128 0.331 0.713 5 www.easynet.net Windows Server 2003 0:00:00 0.024 0.002 0.108 0.215 0.215 6 Swishmail FreeBSD 0:00:00 0.029 0.001 0.040 0.080 0.206 7 www.he.net Linux 0:00:00 0.029 0.002 0.041 0.087 0.128 8 webhosting.tiscali.it Linux 0:00:00 0.029 0.009 0.103 0.207 0.415 9 www.webair.com FreeBSD 0:00:00 0.034 0.078 0.046 0.106 0.303 10 www.memset.com Linux 0:00:00 0.034 0.085 0.087 0.174 0.174
New York Internet and WestHost are the most reliable hosting company sites for December 2008. New York Internet sees its third consecutive appearance in the top ten, while WestHost becomes the most reliable hosting company for the second month in a row.
Established in 1996, New York Internet is located in the heart of the Wall Street area and owns and maintains its own data centers. The company's core services include dedicated servers, colocation and virtual web hosting. New York Internet uses Apache on FreeBSD to host its own site.
WestHost uses Linux for its main site and hosts more than 70,000 other websites. Their services include shared web hosting, dedicated servers, reseller hosting and domain name registration. WestHost's data center is SAS 70 Type II certified and constructed from nine base isolation units bolted on top of a 3.5ft reinforced matte footing, which helps to absorb shock during earthquakes.
In total, half of December's top ten hosting companies use Linux for their main company site, while three use FreeBSD. green.ch uses the F5 BIG-IP device and Easynet uses Windows Server 2003.(more...)
Netcraft's SSL Survey shows that 14% of valid third party SSL certificates have been issued using MD5 signatures — an algorithm that has recently been demonstrated to be vulnerable to attack by producing a fake certificate authority certificate signed by a widely-trusted third party certificate authority.
The researchers achieved this by producing a hash collision — they submitted valid certificate requests to a certificate authority (CA), while producing a second certificate that had the same signature but entirely different details. When the CA signed the valid certificate, the signature applied also to the invalid certificate, allowing the researchers to spoof any secure website that they liked. This attack is the first practical use against SSL of already-known attacks against the MD5 checksum algorithm.
Netcraft's December 2008 SSL Survey found 135,000 valid third party certificates using MD5 signatures on public web sites, which is around 14% of the total number of valid SSL certificates in use.The great majority consist of certificates from RapidSSL (shown as Equifax on the certiifcate). As of Netcraft's December survey, all of the 128,000 RapidSSL certificates in use on public sites were signed with MD5; there are some much smaller CAs that use MD5 still, and there are a small number of certificates from Thawte and VeriSign, although most of their certificates are signed with the more secure SHA1. Other CAs use only SHA1.
Verisign (owners of RapidSSL since 2006) have stated that they have stopped using MD5-signing for RapidSSL certificates, and will have phased out MD5-signing across all their certificate products by the end of January 2009. Other affected CAs are likely to follow suit, as SHA1 is well established and is already in use for the majority of SSL certificate signing, so it should be simple to switch to using this more secure alternative. Once it is impossible to obtain new certificates signed with MD5, this attack will be neutralised.(more...)
In the December 2008 survey, we received responses from 186,727,854 sites. This total has grown by 1.56 million sites since last month.
Apache shows the largest growth this month, gaining a further 2.47 million sites. Just over half of this growth is due to the net hostname growth at ThePlanet.com, which once again includes a large number of .pl domains. Many of these new sites redirect to another site hosted by ThePlanet.com, which appears to offer PornTube videos, but in fact directs visitors towards a site which Google believes to be malware .
Yahoo! Traffic Server shows another large gain since it was uncloaked at Yahoo! last month. This month's survey now finds 1.68 million sites running on YTS, which is used exclusively by Yahoo! as a reverse proxy and connection management server for a number of its services.
nginx shows the 3rd largest growth this month, climbing by more than 10% to reach 3.35 million sites. This server now has nearly 1.8% of the worldwide market share — an impressive feat, given that it is the work of just one man, Igor Sysoev.Total Sites Across All Domains August 1995 - December 2008
Developer Nov-08 Share Dec-08 Share Change Apache 93,207,591 50.34% 95,678,052 51.24% 0.90 Microsoft 63,871,279 34.49% 63,126,940 33.81% -0.69 10,996,941 5.94% 10,455,103 5.60% -0.34 nginx 3,023,369 1.63% 3,354,329 1.80% 0.16 lighttpd 3,030,958 1.64% 3,046,333 1.63% -0.01
Rank Company site OS Outage
DNS Connect First
Total 1 DataPipe FreeBSD 0:00:00 0.005 0.038 0.019 0.039 0.039 2 www.aplus.net FreeBSD 0:00:00 0.005 0.154 0.068 0.227 9.232 3 iWeb.com Linux 0:00:00 0.005 0.005 0.071 0.142 0.142 4 www.westhost.com Linux 0:00:00 0.005 0.005 0.073 0.149 0.312 5 www.he.net Linux 0:00:00 0.005 0.005 0.073 0.153 0.227 6 Server Intellect Windows Server 2003 0:00:00 0.005 0.088 0.103 0.210 0.573 7 www.canadawebhosting.com Windows Server 2003 0:00:00 0.005 0.102 0.111 0.224 0.573 8 webhosting.tiscali.it Linux 0:00:00 0.005 0.024 0.135 0.271 0.554 9 Swishmail FreeBSD 0:00:00 0.010 0.007 0.059 0.120 0.308 10 New York Internet FreeBSD 0:00:00 0.010 0.013 0.062 0.127 0.297
DataPipe, Aplus.net, iWeb, WestHost, Hurricane Electric, Server Intellect, Canada Web Hosting and Tiscali are the most reliable hosting company sites for November 2008. Unusually, there are eight companies sharing the top spot this month, each showing only 1 failed request throughout November.
Of these eight companies, the top two by average connection time (DataPipe and Aplus.net) both use FreeBSD to run their main websites. In November, DataPipe was named among New Jersey's fastest growing companies.
Linux is used by four of November's most reliable hosting companies. This includes Montreal-based iWeb, which has been providing internet hosting infrastructure for 12 years, and WestHost, which has been providing web hosting for 10 years. Linux is also used by Hurricane Electric and Tiscali, both of which have already featured as the most reliable hosting companies earlier this year.
Two of this month's most reliable hosting companies use Windows Server 2003 to power their sites: Server Intellect is a privately owned company located in Florida and offers dedicated servers, shared hosting and virtual servers. Canada Web Hosting also uses Windows Server 2003 for its main site, but offers managed hosting on both Windows and Linux.(more...)
The November 2008 survey shows worldwide monthly growth of nearly three million websites, with responses now being received from a total of 185,167,897 sites.
Apache once again tops this month's growth, gaining 1.3 million sites to 93 million, but Microsoft-IIS follows closely gaining 1.1 million extra sites to reach 64 million. Google has grown by 509 thousand this month to approach the 11 million mark.
One interesting change this month is the appearance of 221,000 sites hosted by Yahoo! that now identify themselves as running on the Yahoo! Traffic Server proxy. Last month's survey found only 521 sites that claimed to be running on YTS.
Yahoo! is thought to use YTS to provide reverse proxy and connection management in a number of its services, although many of the company's sites were previously configured to omit the Server header in their HTTP responses. Yahoo! sites thought to use YTS include Bix, delicious, Flickr and Yahoo Groups.
Yahoo! Traffic Server is used to serve 12 billion requests per day. It was originally developed by Inktomi Corporation as a proxy cache for web traffic and streaming media. Websense acquired the technology behind Inktomi's proxy server, modifying it for use in their WebBlazer Web Threat Management System. Inktomi was then acquired by Yahoo! in 2002.Total Sites Across All Domains August 1995 - November 2008
Developer October 2008 Percent November 2008 Percent Change Apache 91,888,508 50.43% 93,207,591 50.34% -0.09 Microsoft 62,766,928 34.44% 63,871,279 34.49% 0.05 10,487,607 5.76% 10,996,941 5.94% 0.18 lighttpd 3,072,457 1.69% 3,030,958 1.64% -0.05