eBay Fooled by Fast-moving Phishing Scam

Sometimes even the targets of phishing attacks have difficulty sorting out whether an e-mail or web site is bogus. In other instances, spoof sites remain online long after they are identified as criminal scams.

Both scenarios are found in a story related by an e-mail security researcher, who submitted an obviously fraudulent phishing site to eBay, only to have the auction company's staff e-mail back to insist that the site was legitimate and that the "bait" e-mail was sent by eBay.

The scam site, ebaychristmas.net, was blocked on Nov. 25 by the Netcraft Toolbar community. This particular fraud site illustrates the difficulty of relying upon web hosting services to protect Internet users by taking a site offline.

December 2005 Web Server Survey

In the December 2005 survey we received responses from 74,353,258 sites. That's a decrease of 219.5K sites from the November survey, marking the first decline in the Netcraft survey since January 2003. Thus, a record year for Internet growth has ended with a whimper rather than a bang. After gaining 17.5 million sites in the first 10 months of 2005, the Internet lost 30,000 sites over the next two months.

This month's results are influenced by a decline of 1 million hostnames at Zipa, a New Orleans provider of hosting and colocation. Zipa added 1 million new hostnames in our September survey, and had an identical number of domains expire this month, the majority of these being .name domains. The pattern suggests the expiring domains may have been .name domains registered through a promotion which allowed registrars to bulk-register .name domains for free for 60 days. Last month's results were also weighed down by a block of expiring domains, in that case more than 800K .info names registered by eNom.

The December survey sees momentum continue to shift in the web server market, where Microsoft gained 463K sites, of which around 300K were at German hosting company Intergenia, while Apache (which is used by Zipa) had a net decline of 903K. Windows servers also outpaced Apache in active sites for the third straight month, a period during which Windows has lifted its market share in active sites by 4.1 percent to 24.4 percent.

Total Sites Across All Domains, August 1995 - December 2005

Graph of market share for top servers across all domains, August 1995 - December 2005

Top Developers
Developer | November 2005 | Percent | December 2005 | Percent | Change

Netcraft Toolbar Available for Firefox 1.5

Firefox users who haven't yet tried the Netcraft Toolbar are invited to install the latest version, which has been updated for compatibility with Firefox 1.5. Current users upgrading from Firefox 1.0.7 or earlier will need to install the newest version of the toolbar. Our toolbar download page allows Firefox users to choose the install for their version of the popular open source browser:

Netcraft Toolbar download for Firefox

Windows XP users upgrading from Firefox 1.0.7 who have disabled software installations as a security precaution may experience difficulty installing the newest Toolbar update. In Firefox 1.5, the software installation option has been removed from the user preferences and is enabled by default. If you previously disabled this option and then upgraded to Firefox 1.5, you can enable the preference by typing "about:config" in the address bar and scrolling down to "xpinstall.enabled." Set this to "true" and restart Firefox. You should then be able to update the Toolbar successfully.

The toolbar runs on any operating system supported by Firefox and displays the hosting location, country, longevity, popularity, and an abstracted risk rating for each site visited. Additionally, the toolbar blocks access to phishing sites reported by other members of the Netcraft Toolbar community and validated by Netcraft, mobilizing the community into a giant neighborhood watch scheme which empowers the most alert and experienced members to protect the vulnerable against fraud and phishing attacks. Toolbar users submitted more than 8,700 phishing URLs in October.

It is available to download from the Toolbar website, and requires no special administrator privileges to install. Customized versions with corporate branding and navigation are also available.

Phishers Exploit Open Redirect on U.S. Government Site

A phishing attack is exploiting an open redirect on a U.S. government web site to gain credibility for bogus e-mails promising an IRS tax refund. The scam e-mail offers an IRS refund of $571 to recipients if they click on a link to govbenefits.gov, a legitimate federal web site that has recently been promoted by President Bush as a tool to streamline relief for victims of Hurricane Katrina.

An open redirect on the govbenefits.gov web site allows phishers to craft a URL that uses the govbenefits.gov URL but instead sends users to a web server in Italy and a phishing site seeking to steal their bank login details and Social Security number.

Netcraft's Anti-Fraud Open Redirect Detection Service assists web site owners in detecting open redirects that could allow criminals to misuse their sites in Internet scams. Online banking sites are under active scrutiny by fraudsters, who are keen to detect and exploit opportunities to run their frauds on banks’ own sites. Taking advantage of programmer mistakes in web applications, fraudsters have been able to run phishing scams on sites belonging to Visa, Mastercard, SunTrust, Charter One, and Citizens Bank.

Netcraft can perform an automatic search of a customer’s web sites to scan for possible redirection URLs in use, on a daily basis, thereby promptly trapping redirects introduced by inadvertent web design and application development.
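The check a site owner can apply to a redirect endpoint, and a simple audit of the site's own URL inventory for parameters that carry an off-site destination, are sketched below. This is an added example, not Netcraft's service or code from the affected site; the host names, paths and parameter names are constructed, and a flagged URL is only a candidate until the endpoint's behaviour is confirmed.

```python
from urllib.parse import urlsplit, parse_qsl

def is_safe_redirect(target, allowed_hosts):
    """True only for a rooted local path or an http(s) URL on an allowed host."""
    # Browsers treat "\" like "/", so normalise before parsing.
    cleaned = target.strip().replace("\\", "/")
    if any(ord(c) < 0x20 for c in cleaned):
        return False                      # embedded control characters
    parts = urlsplit(cleaned)
    if not parts.scheme and not parts.netloc:
        # Relative reference: "/path" is local, "//host" or "///host" is not.
        return cleaned.startswith("/") and not cleaned.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False                      # also rejects scheme-relative "//host"
    # .hostname drops any "user@" prefix, so "site@other-host" resolves correctly.
    return (parts.hostname or "").lower() in allowed_hosts

def looks_like_destination(value):
    v = value.strip().replace("\\", "/").lower()
    return v.startswith(("http://", "https://", "//"))

def find_redirect_candidates(urls, own_hosts):
    """Return (url, parameter, value) for own-site URLs carrying an off-site target."""
    findings = []
    for url in urls:
        parts = urlsplit(url)
        if (parts.hostname or "").lower() not in own_hosts:
            continue
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if looks_like_destination(value) and not is_safe_redirect(value, own_hosts):
                findings.append((url, name, value))
    return findings

# Constructed sample data (hypothetical site and parameters).
OWN_HOSTS = {"www.agency.example"}
SAMPLE_URLS = [
    "https://www.agency.example/go?url=https%3A%2F%2Fphish.example%2Flogin",
    "https://www.agency.example/go?url=%2Fbenefits%2Fstart",
    "https://www.agency.example/search?q=tax+refund",
    "https://www.agency.example/out?next=%2F%2Fphish.example%2F",
    "https://www.agency.example/go?url=https%3A%2F%2Fwww.agency.example%2Fhelp",
]

if __name__ == "__main__":
    for url, name, value in find_redirect_candidates(SAMPLE_URLS, OWN_HOSTS):
        print(f"candidate open redirect: parameter {name!r} -> {value!r} in {url}")
```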

Solid Performance for Firefox Download Site

The download site for Firefox is performing well following the release of a widely-anticipated update of the open source web browser. Firefox version 1.5, which was released Tuesday night, features "dozens of enhancements," according to the Mozilla Corporation, including improvements in popup blocking, RSS integration and updating.

Firefox download site performance

A distributed network of mirror sites in more than 30 countries appears to be handling current download demand with few difficulties. The download.mozilla.org site, which redirects traffic to the mirrors, has had good response time today and fared well during a Slashdotting Tuesday night. That's a contrast with last year, when the mozilla.org web site was slowed by heavy demand after Firefox 1.0 was released. The browser has since been downloaded more than 112 million times. While that number reflects multiple downloads by some enthusiasts, the growth of Firefox places a premium on efficient handling of new releases.

A dynamically updating chart of the site performance for download.mozilla.org is available here.

Microsoft Launches Free Email Services for Domain Owners

Microsoft has launched the beta version of its Windows Live Custom Domains service, which offers e-mail and instant messaging service for existing domains. The free service offers up to 20 e-mail accounts per domain, with each mailbox featuring scanning for junk mail and viruses, as well as 250 megabytes of storage space - adding up to a storage limit of 5 gigabytes of e-mail for each domain.

With Windows Live Custom Domains, Microsoft can offer e-mail services to business users who want a free solution but are reluctant to use its existing Hotmail service. Tying the new offering to an existing domain makes it easier to address any abuse of the service for spamming, which historically has been a major issue for free e-mail services.
