Blog

One of the biggest issues reasons for our concern is user-created content. Allowing people to upload their own content to a website obviously is not anything knew, its the added attraction of giving them access to all kinds of new active media, scripting, and social networks that is. This combined with the fact that attackers are utilizing the sites for their own purposes to create and upload malicious content and that the usage of these sites is skyrocketing.

The most recent example that we have discovered in June is the continued use of Google Pages for nefarious practices. In the past the site, which allows user created content, has been used a lot for hosting malicious binary files. What we are now seeing is the same site being used to host a variety of phishing attacks. This gives the attacker a very reliable platform for hosting their site and a location that some application gateways may not scan based on the owner of the IP space and/or domain name (i.e. domain reputation)

Screenshot of Phishing attack on Google Pages:

At a minimum it would be very beneficial for these web site "property" owners to scan the  data that gets uploaded for malicious code, active content, and for commonly known phishing attack heuristics.

Web "two dot uh-oh": http://www.websensesecuritylabs.com/webcast (note hosted on Bitpipe).
Google Hosting Crimeware: http://www.websense.com/securitylabs/alerts/alert.php?AlertID=522