Re: [Full-disclosure] phishing attacks against ISPs (also with Google translations)

[Gadi Evron <ge () linuxbox org>]

M.B.Jr. wrote:
> Dear Gadi,
>
>
> On Wed, Mar 25, 2009 at 9:40 AM, Gadi Evron <ge () linuxbox org> wrote:
> > While we have seen ISP phishing and Hebrew phishing before, these
> > attacks started when Google added translation into Hebrew.
>
>
> How exactly did you establish such a certain connection between
> Google's Hebrew translation service's debut and these phishing attacks
> you're referring to?
>
> If you're going to provide us with dates, please point out trustable
> probative sources.


Dear Mr. M.B.Jr.,

While I cannot show conclusive evidence between the two concurrent 
events, the causality in this case seems pretty obvious for the 
following reasons:

        1. The two (phishing and translation module) occurred at around
        the same time frame.

        2. Previously, this was not happening.

        3. The imperfect Hebrew looks like a machine translation.

        4. In fact, the only new element I can discern being added to
        the game was the new Google module.

Google is not at fault, they provide a valuable and good service. 
Criminals abuse the same tools we use.

I concede that it is not outside the realm of possibility some crappy 
Hebrew translator suddenly started working with the phishing gangs, but 
it doesn't seem likely.

Conversely, do note I did not state it was Google's translation engine 
that was abused, but rather asked if others see this as well and can 
confirm. I say it now, it is the most likely conclusion.

I'd be happy if someone has other ideas to help us reach a better 
conclusion?

        Gadi.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.