Posted on 04/15/2005 6:48:33 AM PDT by John Jorsett
Cyber criminals are starting to use fake blogs to snare new victims.
The bogus web journals are being used as traps that infect visitor's machines with keylogging software or viruses.
Filtering firm Websense said it had found hundreds of bogus blogs baited with all kinds of malicious software to snare the unwary.
Websense warned that the baited blogs could get past traditional security measures that try to protect people from malicious programs.
Hidden harm
The company said blogs were being used because they inadvertently offered lots of help to computer criminals.
Blogs are free and simple to use, offer users lots of storage space, can be used anonymously and most do not scan stored files for viruses and other malicious programs.
Websense said it had seen examples of some computer criminals creating a legitimate looking weblog, loading it with keylogging software or viral code, and then sending out the address of it through instant messenger or spam e-mail.
"These aren't the kind of blog websites that someone would stumble upon and infect their machine accidentally," said Dan Hubbard, Websense's research director. "The success of these attacks relies upon a certain level of social engineering to persuade the individual to click on the link."
In separate cases some blogs were being used as storage lockers holding chunks of malicious code that the controller of a network of zombie machines wants those remotely-controlled computers to use.
In late March, Websense found a fake e-mail message that tried to direct people to a blog that was hosting keylogging software.
Now it estimates that there could be more than 200 bogus blogs in existence that are being used to attack net users.
By comparison blog-watching service Technorati estimates that there are more than 8 million blogs in existence.
Anyone visiting the baited blog and falling victim to the keylogger could find that they have bank accounts rifled by the phishing gang behind the bogus website.
Websense warned that viruses hosted on weblogs might be a danger because they get round the filtering systems many firms have created to ensure malicious programs do not reach employees.
Users were urged to keep anti-virus and patches up to date, regularly scan machines with anti-spyware products and exercise caution when reading unsolicited messages sent via e-mail or instant messenger.
People continually amaze me at how hard they will work to be dishonest when if they worked that hard in an honest manner they most likely would get same or better returns with no jail time.
One big web and a whole battalion of spiders. ;)
Huh. Why such a minor theft? At DU they try to steal your soul.
This would be a "trojan" rather than a virus. It is certainly posible to have a trojan written for a Mac... the problem is how to get you to install it and run it. Any attempt to download and install software on a Mac would be obvious... you have to give a new program permission to install and to run for the first time. That's why they talk about "social engineering" which is designed to persuade the user to install their malware.
Don't install any software from a site you don't trust. Simple as that.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.