"We're seeing that more and more of the locations where malicious code is stored is on blog sites," said Dan Hubbard, the senior director of security and technology research for San Diego-based Websense. So far this year, Hubbard said, his lab has discovered hundreds of blogs involved in the storage and delivery of harmful code.
"In particular, keyloggers and other Trojan downloaders and droppers are being stored and updated from blog sites," Hubbard added. A keylogger is the term for a type of spyware that watches for, records, then transmits to the hacker identities surreptitiously hijacked from PCs.
Malware and spyware writers are turning to blogs -- and away from traditional hosting and/or e-mail services -- because they offer large amounts of free storage space, they don't require any identity authentication to post, and most blog hosting services don't scan posted files for viruses, worms, or spyware.
"It's partly the storage, partly the ease of use [of blogs], and partly a stability issue. Hacked machines, for instance, can easily go down if the actual owner discovers his computer's being used, but the blogs are always there," said Hubbard.
So a call to the blog hosts to tighten the account creation process, to limit the file upload capabilities, and to scan for the bad stuff would be a good thing to do.
In the meantime, be aware of the potential.
InformationWeek provided this link.
No comments:
Post a Comment