Home   |   News   |   What's New   |   Most Read Stories	XML RSS Feed

	E-mail this story     Printer-friendly version     Bookmark this page Toxic blogs distribute malware and keyloggers April 12, 2005   Websense Security Labs reports bogus blog websites used as tool to deliver and support malicious software.         TOP STORIES Government intervenes in warrantless wiretapping lawsuit Commtouch unveils image-based spam defense Verizon sued over NSA surveillance US spy agency building database of every call ever made Email bomber heads back to court Zombie master Jeanson Ancheta sentenced to 5 years in prison New York man to settle in Washington's first spyware case US demand for college wiretaps questioned Russian virus distributor convicted Corporate instant messaging on the rise Court slams former spam king over spyware Hacker charged with stealing information from military MPAA releases new piracy loss data Spam King Alan Ralsky not jailed Consumers in the dark about latest tech buzzwords more    The blogs are being utilized as the first step of a multi-layered attack that could also involve a spoofed email, Trojan horse, or a keylogger. In the past four months, Websense has detected hundreds of cases where blogs were used to store malicious code and infect users' computers. Websense said that as of Tuesday, there are 210 active bogus blogs. The company also notes that the average lifespan of one of these blogs is three or four days. Cyber-criminals are attracted to blogs not only because the medium's popularity is growing, but also because allow users to easily publish their own web pages and offer large amounts of free storage, they do not require any identity authentication to post information, and most blog hosting facilities do not provide antivirus protection for posted files. In some cases, the culprits create a blog on a legitimate host site, post viral code or keylogging software to the page, and attract traffic to the toxic blog by sending a link through spam email or instant messaging (IM) to a large number of recipients. In other cases, the blog can be used as a storage mechanism which keeps malicious code that can be accessed by a Trojan horse that has already been hidden on the user's computer. For example, on March 23, 2005, Websense Security Labs issued an alert detailing a spoofed email message that attempted to redirect users to a malicious blog which would run a Trojan horse designed to steal banking passwords. In this situation, the user received a message spoofed from a popular messaging service, offering a new version of their IM program. Upon clicking the link, the user was redirected to a blog page which was hosting a password-stealing keylogger. When predetermined banking websites were accessed, the keylogger (bancos.ju) logged keystrokes and sent them to a third party. "These aren't the kind of blog websites that someone would stumble upon and infect their machine accidentally. The success of these attacks relies upon a certain level of social engineering to persuade the individual to click on the link," said Dan Hubbard, senior director of security and technology research for Websense, Inc.   E-mail this story     Printer-friendly version     Bookmark this page
	Custom Search     Subscribe  |   Link to Us  |   Syndicate  |   Bookmark Us  |   RSS feed  |   Privacy Policy  |   Contact Us   Copyright © 2005-2009 Interlink Enterprise Computing. All rights reserved. All company logos & trademarks displayed on this site belong to their respective owners