Thursday, July 28, 2005


Blogs are a good thing. Blogs allow further communications between
friends and strangers. Blogs are another means of advertising your
wares. As in all things, well intentioned people
can enjoy the interacton of blogs.

However, as in all things, there is another side to the picture.
Here is a report from BBC news:


"Bogus blogs snare fresh victims

Cyber criminals are starting to use fake blogs to snare new victims.

The bogus web journals are being used as traps that infect visitor's
machines with keylogging software or viruses.

Filtering firm Websense said it had found hundreds of bogus blogs
baited with all kinds of malicious software to snare the unwary.

Websense warned that the baited blogs could get past traditional
security measures that try to protect people from malicious

Hidden harm

The company said blogs were being used because they inadvertently
offered lots of help to computer criminals.

Blogs are free and simple to use, offer users lots of storage space,
can be used anonymously and most do not scan stored files for
viruses and other malicious programs.

Websense said it had seen examples of some computer criminals
creating a legitimate looking weblog, loading it with keylogging
software or viral code, and then sending out the address of it
through instant messenger or spam e-mail.

"These aren't the kind of blog websites that someone would stumble
upon and infect their machine accidentally," said Dan Hubbard,
Websense's research director. "The success of these attacks relies
upon a certain level of social engineering to persuade the
individual to click on the link."

In separate cases some blogs were being used as storage lockers
holding chunks of malicious code that the controller of a network of
zombie machines wants those remotely-controlled computers to use.

In late March, Websense found a fake e-mail message that tried to
direct people to a blog that was hosting keylogging software.

Now it estimates that there could be more than 200 bogus blogs in
existence that are being used to attack net users.

By comparison blog-watching service Technorati estimates that there
are more than 8 million blogs in existence.

Anyone visiting the baited blog and falling victim to the keylogger
could find that they have bank accounts rifled by the phishing gang
behind the bogus website.

Websense warned that viruses hosted on weblogs might be a danger
because they get round the filtering systems many firms have created
to ensure malicious programs do not reach employees.

Users were urged to keep anti-virus and patches up to date,
regularly scan machines with anti-spyware products and exercise
caution when reading unsolicited messages sent via e-mail or instant
messenger. "

Story from BBC NEWS:

Published: 2005/04/14 07:20:18 GMT


Just be aware.


No comments: