Wednesday, April 27, 2005

Beware Of Malicious Blogs

Hackers have turned to blogs to store and distribute viruses, worms, keyloggers and other malicious code. There are literally hundreds of these infected blogs out there, and all it takes to be infected is visiting one of them. In particular, keyloggers and other Trojan downloaders and droppers are being stored on and updated from blog sites.


A keylogger is a type of spyware that watches for, records, and then transmits to the hacker the identities it surreptitiously hijacks from PCs. Malware and spyware writers are turning to blogs and away from traditional hosting and/or e-mail services because blogs offer large amounts of free storage space, don't require any identity authentication to post, and most blog hosting services don't scan posted files for viruses, worms or spyware.

It's partly the storage, partly the ease of use of blogs and partly a stability issue. Hacked machines, for instance, can easily go down if the actual owner discovers his computer is being used, but the blogs are always there. Different hackers use blogs in different ways. Some may create a blog on a legitimate service, post viral or keylogging code on the page, and then use spam or spim to entice users to visit the page, where they're infected. Others may use the blog only as storage for malware, which previously planted Trojan horses access to update themselves or to install a keylogger onto the infected PC.

In those cases, victims don't even see the blog or the blog site. Hackers are using the storage space on the blog site because, unlike personal storage and mail hosting facilities, most blogs aren't running anti-virus software on posted files. The use of blogs further disguises the true identity of the hacker and adds another route in the labyrinth-like path that attackers use to disseminate their code. The blogs are being used as the first step of a multi-layered attack that could also involve a spoofed e-mail, Trojan horse or a keylogger.

While end-users can do little beyond using safe and smart computer practices (don't open attachments, don't travel to questionable links within e-mail or instant messages), it may be a good idea NOT to use the "next blog surf feature" Blogger.com offers at the top right corner of every blog. Even I have used that before and found my computer detecting a virus being downloaded directly from the blog I was then visiting. If you are smart, you run anti-virus software to guard against this, but sometimes that won't even protect you. My best advice is to play it safe and do not use the "next" feature to surf unknown/random blogs.
