Google search behind most phishing sites

Three-quarters of phishing sites are built on hacked servers that have been tracked down using pre-programmed Google search terms, according to research from brand-protection firm MarkMonitor.

Among other activities, MarkMonitor tracks phishing attacks that target brand names. Researchers compiled a list of 750 Google search terms that are used to track down Web sites likely to have easily exploitable vulnerabilities - mostly PHP-based sites.

The search terms return a list of sites likely to have particular vulnerabilities; the attackers then exploit the vulnerability, gain access to the site, and then use it to host malicious code or counterfeit web pages as part of the scam.