Thursday, April 14, 2005

New problem for blogs

Once categorized, many folks figure all of a kind are alike. Hey, that is why they categorize in the first place. However, we know there is some distribution amongst the category. Blogs for example are not exempt from this issue. There are those amongst us who are journalists, those who just want to have a conversation, those who just want to use the internet to post their daily musings, and now there are those hackers who use blogs to do some nasty stuff.

"We're seeing that more and more of the locations where malicious code is stored is on blog sites," said Dan Hubbard, the senior director of security and technology research for San Diego-based Websense. So far this year, Hubbard said, his lab has discovered hundreds of blogs involved in the storage and delivery of harmful code.

"In particular, keyloggers and other Trojan downloaders and droppers are being stored and updated from blog sites," Hubbard added. A keylogger is the term for a type of
spyware that watches for, records, then transmits to the hacker identities surreptitiously hijacked from PCs.

Malware and spyware writers are turning to
blogs -- and away from traditional hosting and/or e-mail services -- because they offer large amounts of free storage space, they don't require any identity authentication to post, and most blog hosting services don't scan posted files for viruses, worms, or spyware.

"It's partly the storage, partly the ease of use [of blogs], and partly a stability issue. Hacked machines, for instance, can easily go down if the actual owner discovers his computer's being used, but the blogs are always there," said Hubbard.

So a call to the blog hosts to tighten the account creation process, to limit the file upload capabilities, and to scan for the bad stuff would be a good thing to do.

In the meantime, be aware of the potential.

InformationWeek provided this link.

No comments:

Post a Comment