Malware-Infected Blogs On The Rise

Blogs can generate huge revenues for social engineers. They can help to gather information about a target's day-to-day interests, views, psyche and friends. Some sites like 'MySpace', 'Bebo' and 'Yahoo360' have added facilities as they also provide photographs, personal details, hobbies and vacation schemes of targets.

Internet criminals these days are gaining more knowledge about these online personal journals and using them to trap unsuspecting victims. They increasingly take advantage of blogs or online communities to distribute malware through links taking visitors to fraudulent websites, malicious code and more threats.

According to Dan Hubbard, 'senior director of security and technology research' for 'Websense', these blog websites are different from the usual types, which just comes across and infect machines. The successful outcome of these blog attacks depends on a certain amount of skill of social engineering that can entice a person to click on the link.

The process involves miscreants creating a blog on an authorized host site. On this, they post malicious code or keylogging software and attract users to the blog by dispatching link through spam mails or IM to possible victims. Therefore, for the malware-infected blog, the site becomes the host of the malicious program.
The blog is so set up that it often allows malware to pass through filtering systems undetected. As it starts to run on the Internet, it somehow occupies a permanent place in the World Wide Web. The blog is then easily accessible to Internet users who click on an active link and fall in the trap. Those who are unaware of the presence of the blogs are at greater risk.

Today, hundreds of such malware-infected blogs spread harmful software, which is partly due to increased availability of malware and spyware to online criminals.

Hope prevails, however, as renowned IT and Internet firms are producing ways to disable these scammers. There are 'Information sites' and 'blog code improvements' like Google's "nofollow" tag that helps genuine blogger's to protect their machines. Experiments are ongoing for advanced means of detection and protection. Till they are available to use, users must keep themselves informed and on guard as a main defense against ill-intended blogs.

Related article: Malware Authors Turn More Insidious

» SPAMfighter News - 10/16/2006