Security researcher Alex Eckelberry from Sunbelt Software first noticed the booby-trapped links turning up on Blogger on 27 August.
Now many hundreds of blogs on the site have been updated with a short entry containing the link.
Mr Eckelberry said it was not yet clear how the links were posted to blogs. The bogus entries could have exploited a Blogger feature that lets users e-mail entries to their journal.
The blogs themselves could also be fake and set up solely to act as hosts for spam.
The latter part of this could mean trouble for folks who use particular templates that sploggers also like to use. Google Blogger doesn't have the greatest reputation for the "personal touch" and, to deal with a problem of this magnitude, may simply narrow down the template search and zap whomever. We'll see...
The Beeb report goes on to comment that the text of the entries echoes some spam emails that the same gang started sending out in January--the virus became known as the "storm worm":
(courtesy of the BBC site...)
A quick note on spammy email--as in how to tell if you've got spammy email, even if the url after the "@" looks legit. Since I don't use Outlook, I don't have that hinky view window that gives me the preview. This Outlook feature has actually triggered viruses/worms before, hence my reluctance with Outlook. Usually, anything that comes in my email with what looks like a European url is, for me, spam and is directly deleted. This past weekend, however, I got something from what looked like a non-European website with one of the subject lines listed in the box above--I believe it was the "I can't believe you did this" subject line. Since the addy looked legit (and I've received some email nasties in the past with subject lines of that sort) the thought crossed my mind to open it--that is, until I checked the url associated with the email addy. I'll do this just to check out the sender. The url led to the blog of a gamer guy--a legit blog with legit entries. Because there's nothing on my blog that would necessarily piss off a gamer, I decided something had got to his computer and I deleted his email. I'll admit this is not the best way of dealing with these things (and you're probably thinking I'm not the brightest bulb in the ceiling on this particular issue), but sometimes unknown email has led to interesting speaking opportunities, so I don't like to delete everything (esp. when not everything makes it to the bulk email).
With security experts expecting the virus to have infected over a million Windows PCs, I'm going to be paying careful attention to what's coming into my "In" box.
The Beeb report also mentions that the infected blogs were ones that were either set up to accept email postings or were intentional splogs. I wonder, too, if the infected blogs are ones that have been abandoned. From my cruising of Blogger blogs, I've found some interesting anomalies: (1) sometimes if a blog is deleted, the title will be usurped by a splogger and (2) abandoned blogs that are not taken out of search are ripe for sploggers and possibly also for this kind of attack. So, if blogging's gotten to be too much for ya, deleting the blog and the account might be the best for everyone. It's pretty easy and can save all of us some serious headaches.
Besides, you can easily open up another blog when you get the "bug" again...