just for blabbing to friends and family, said a security and content filtering firm Wednesday, but increasingly are being used as a safe haven by hackers for storing and distributing malicious code, including identity-stealing

that more and more of the locations where malicious code is stored is on blog sites," said Dan Hubbard, the senior director of security and technology research for San Diego-based Websense. So far this year, Hubbard said, his lab has discovered hundreds of blogs involved in the storage and delivery of harmful code.

keyloggers and other Trojan downloaders and droppers are being stored and updated from blog sites," Hubbard added. A keylogger is the term for a type of spyware that watches for, records, then transmits to the hacker identities surreptitiously hijacked from PCs.

Malware and spyware writers are turning to blogs -- and away from traditional hosting and/or e-mail services -- because they offer large amounts of free storage space, they don't require any identity authentication to post, and most blog hosting services don't scan posted files for viruses, worms, or

the storage, partly the ease of use [of blogs], and partly a stability issue. Hacked machines, for instance, can easily go down if the actual owner discovers his computer's being used, but the blogs are always there," said

use blogs in different ways. Some may create a blog on a legitimate service, then post viral or keylogging code on the page, and entice users to visit the page -- where they're infected -- using spam or spim. Others may use the blog only as storage for malware that previously planted Trojan horses access to update themselves or install a keylogger onto the infected PC.

"In those cases, victims don't even see the blog or the blog site," said Hubbard. "Hackers are using the storage space on the blog site because, unlike personal storage and mail hosting facilities, most blogs aren't running anti-virus software on posted files."

The use of blogs further disguises the true identity of the hacker, and adds another route in the labyrinth-like path that attackers use to disseminate their code.

In late March, for instance, Websense issued an alert that outlined how a spoofed e-mail tried to redirect recipients to a blog which in turn hosted a Trojan horse designed to steal online banking passwords.

"The blogs are being used as the first step of a multi-layered attack that could also involve a spoofed e-mail, Trojan horse, or a keylogger," explained Hubbard.

can do little beyond keeping safe and smart practices in mind -- don't open attachments, don't travel to questionable links within e-mail or instant messages -- Hubbard said there was plenty blog hosting services could do.

"They need to add some type of security on top," he urged. "Anti-virus is a good start. And limit the type of files that can be uploaded, by, for example, restricting executables."
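
One way a hosting service could apply the "restricting executables" advice is to judge an upload by its content rather than its file name. The following is an added example, not code from the article or from Websense; the function names, the size limit and the sample bytes are assumptions constructed for illustration.

```python
import io
import struct
import zipfile

MAX_MEMBER = 10 * 1024 * 1024  # assumed per-member size limit for archives
# Leading magic bytes of common native executable formats.
MAGICS = {
    b"\x7fELF": "ELF",
    b"\xfe\xed\xfa\xce": "Mach-O", b"\xce\xfa\xed\xfe": "Mach-O",
    b"\xfe\xed\xfa\xcf": "Mach-O", b"\xcf\xfa\xed\xfe": "Mach-O",
}
# Constructed sample: minimal DOS header whose e_lfanew points at "PE\0\0".
SAMPLE_PE = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"

def executable_kind(data, depth=0):
    """Return a label if the bytes look like executable content, else None."""
    if data[:2] == b"MZ":
        if len(data) >= 0x40:
            (off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew field
            if data[off:off + 4] == b"PE\0\0":
                return "PE"
        return "MZ"  # DOS program or truncated PE: refuse as well
    for magic, kind in MAGICS.items():
        if data.startswith(magic):
            return kind
    if data[:2] == b"#!":
        return "script"
    if data[:4] == b"PK\x03\x04":
        if depth >= 2:
            return "zip:nested-too-deep"
        try:  # look inside so an executable cannot hide in an archive
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.file_size > MAX_MEMBER:
                        return "zip:oversized-member"
                    inner = executable_kind(zf.read(info), depth + 1)
                    if inner:
                        return "zip:" + inner
        except (zipfile.BadZipFile, RuntimeError):
            return "zip:unreadable"  # corrupt or encrypted: fail closed
    return None

def accept_upload(filename, data):
    """Decide on content only; the client-supplied name is not trusted."""
    return executable_kind(data) is None

if __name__ == "__main__":
    print(accept_upload("holiday.jpg", SAMPLE_PE))  # PE renamed to .jpg
    print(accept_upload("notes.txt", b"just some text"))
```

A check like this complements anti-virus scanning of posted files; it does not replace it, since it only recognises file formats and not malicious behaviour.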
About the Author:
By Gregg Keizer