Friday, April 15, 2005

Fake blog sites infecting people's computers

Well, this is just a crappy thing to do - bogus web log (blog) sites being used as traps to infect visitor's computers. The firm Websense noted in a recent study that it has found hundreds of blogs created for this purpose, and warned that the viruses/malicious software found on some of them could get past traditional security measures such as anti-virus scanners and anti-spyware programs. The article notes that the perpetrators would creating a legitimate looking weblog, loading it with keylogging software or viral code, and then sending out the address of it through instant messenger or spam e-mail. So, as Websense's research Director Dan Hubbard is quoted as saying, "These aren't the kind of blog websites that someone would stumble upon and infect their machine accidentally - The success of these attacks relies upon a certain level of social engineering to persuade the individual to click on the link." There is some comfort in that, and in the fact that best estimate is currently 200 bogus blogs out of the estimated 8 million blog sites out there. As a blogger myself, I think it's a really horrible thing to do (of course) - but how do you stop it? Getting a blog started these days is incredibly easy, you get decent amounts of storage space to host whatever you will be putting on your blog through a good number of hosting companies, and you can remain anonymous very easily. So it would be really hard to police this the way things are currently. Could it lead to more stringent policies at the blog host - like collecting and verifying information from someone before they can start a blog on the service? Or does that start to hit up against First Amendment rights? Maybe it's just as simple as personal responsibility for now, since these sites are reached via spam email. So, in other words, if I'm savvy enough to not open unsolicited spam and click on a link in it, I'll be fine. Let's just hope the jerks behind this don't get smarter and find even craftier ways to do this.

No comments: