Re: [Full-disclosure] phishing attacks against ISPs (also with Google translations)

[Gadi Evron <ge@xxxxxxxxxxxx>]

M.B.Jr. wrote:
> Dear Gadi,
> 
> 
> On Wed, Mar 25, 2009 at 9:40 AM, Gadi Evron <ge@xxxxxxxxxxxx> wrote:
>> While we have seen ISP phishing and Hebrew phishing before, these
>> attacks started when Google added translation into Hebrew.
> 
> 
> How exactly did you establish such a certain connection between
> Google's Hebrew translation service's debut and these phishing attacks
> you're referring to?
> 
> If you're going to provide us with dates, please point out trustable
> probative sources.


Dear Mr. M.B.Jr.,

While I cannot show conclusive evidence between the two concurrent 
events, the causality in this case seems pretty obvious for the 
following reasons:

        1. The two (phishing and translation module) occurred at around
        the same time frame.

        2. Previously, this was not happening.

        3. The imperfect Hebrew looks like a machine translation.

        4. In fact, the only new element I can discern being added to
        the game was the new Google module.

Google is not at fault, they provide a valuable and good service. 
Criminals abuse the same tools we use.

I concede that it is not outside the realm of possibility some crappy 
Hebrew translator suddenly started working with the phishing gangs, but 
it doesn't seem likely.

Conversely, do note I did not state it was Google's translation engine 
that was abused, but rather asked if others see this as well and can 
confirm. I say it now, it is the most likely conclusion.

I'd be happy if someone has other ideas to help us reach a better 
conclusion?

        Gadi.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/