Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Blogs Latest Source of PC Infection

Posted by Zonk on Fri Apr 15, 2005 08:11 AM
from the watch-where-you-surf dept.
Spam Technology
smooth wombat writes "The BBC has a story which indicates that filtering firm Websense believes at least 200 fake blogs are in existence which have malicious code that could infect your pc. Websense said it had seen examples of some computer criminals creating a legitimate looking weblog, loading it with keylogging software or viral code, and then sending out the address of it through instant messenger or spam e-mail. Websense warned that viruses hosted on weblogs might be a danger because they get round the filtering systems many firms have created to ensure malicious programs do not reach employees." From the article: "In separate cases some blogs were being used as storage lockers holding chunks of malicious code that the controller of a network of zombie machines wants those remotely-controlled computers to use."
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Blogs Latest Source of PC Infection 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Websense == Bad (Score:5, Funny)

    by maotx (765127) <maotx@yaho o . c om> on Friday April 15 2005, @08:12AM (#12243463)
    WEBSENSE filters legit sites! [thebestpag...iverse.net]

  • Beyond my understanding (Score:3, Informative)

    by PinkX (607183) on Friday April 15 2005, @08:12AM (#12243465) Homepage
    How could a blog site - or whatever kind of site for that matter - host and run keylogging software?

  • So... (Score:5, Funny)

    by Skye16 (685048) on Friday April 15 2005, @08:14AM (#12243481)
    So basically they're saying there are now webpages that exist to infect your computer with malicious code through various browser security holes? Huh. Imagine that. I never would have thought that to be possible.

    Dot dot dot.
    • I, for one, think this security guys are too paranoid. Next they will say the innocent attachments strangers keep sending me in my email messages will harm my computer. What about having some faith in people's good intentions?

  • Wow (Score:5, Funny)

    by Anonymous Coward on Friday April 15 2005, @08:14AM (#12243482)
    ... as if the fact they're largely written by self-important bores wasn't reason enough to avoid blogs and bloggers.

    • Glass houses (Score:5, Funny)

      by guet (525509) on Friday April 15 2005, @08:34AM (#12243646)
      yeah, I know, I read this site because it's written by humble yet well-informed and interesting people, who are careful not to make generalisations.
    • People? I thought they were written by computer programs!

      Seriously, I thought were already some form of worm. User surfs web, is infected by code. Code signs up for an account under the user's name and starts posting lots of "omg lol w00t" garbage intermixed with copies of itself. I mean, nobody really WRITES like that, right? It HAS to be some sort of glitch...

  • Suppression (Score:5, Interesting)

    by tankenator (803647) on Friday April 15 2005, @08:14AM (#12243484)
    Is this really the case, are is it yet another attempt by corporations to subtly supress their employee's reading habits???

    • Re:Suppression (Score:5, Interesting)

      by alnjmshntr (625401) on Friday April 15 2005, @08:29AM (#12243617)
      I would say it's another attempt by Websense to sell more product. Haven't we seen this all before from Symantec/Mcafee et al, scaring the masses into buying their product?

    • Re:Suppression (Score:5, Insightful)

      by OhPlz (168413) on Friday April 15 2005, @08:30AM (#12243620)
      Seems more like a case of the BBC trying to publish an article with a buzzword in it.

      A responsible journal would have gone on to say that any web site, not just a blog, could potentially attempt the same sort of behavior. This isn't anything new and has nothing much at all to do with blogging.

      Actually.. why am I blaming the BBC? It made the front page here..

    • Re:Suppression (Score:5, Interesting)

      by justforaday (560408) on Friday April 15 2005, @08:38AM (#12243670)
      Is this really the case, are is it yet another attempt by corporations to subtly supress their employee's reading habits???

      Well, being an employee of a company that uses WebSense's filtering product, there is absolutely nothing subtle about it. Hell, at one point linux.slashdot.org was blocked due to being a freeware/shareware distribution point (along with getfirefox.com - still blocked)! Of course this all comes down to how the company has set it up. And nevermind that our braindead IT department blocks webmail as a major security vector, but then has all of us running as admin, with improperly secured share points on many of the machines (earlier today I noticed that anyone can mount the C drive of the main gov't affairs machine here)...Alright, enough of my ranting for now. IE vulnerabilities grumble grumble grumble...
      • I didn't think security was the purpose of websense.. I always looked at it as a way to make sure employees can't look at mail/porn/etc online instead of working.
      • Websense is blocking too much and yet too little. Now, that's bad in all sorts of ways. If you're being blocked and think you shouldn't (blocking gay rights pages as porn etc.) you're being slandered basically. If you bought the product, it's giving you a false sense of security. That's all websense's doing.

        But in your case, unless you installed websense yourself, you're probably being forced by your employer into using it. That makes them the "fuckheads", not websense. If all companies would stop using we
        • Websense is like any other piece of enterprise software. It's only as good as the people configuring it. I've deployed it and it has its uses. I sat down with management and discussed what they was off-limits and what was deemed ok and what was grey area.

          Websense allows for a lot of configuration, but I imagine many companies just deploy it and leave it stock.

  • Only 200? (Score:5, Interesting)

    by Alibloke (838866) on Friday April 15 2005, @08:15AM (#12243494)
    This doesn't seem to be a great deal of sites, after RTFA I now know there are around 8 million blogs and only 200 are infected.

    Personally I'll take my chances........

    • Re:Only 200? (Score:2, Funny)

      by Anonymous Coward
      You've confused the word "infected" with the phrase "worth reading"
  • Only they use a fake webpage to install shit, rather then using a fake webpage to take your info. The ideas the same though, most people on the web (or at least those just on it for the blogs) don't really know the difference between what looks like a professional page, and what IS a professional page. More wide spread education about the dangers of what can be found on the internet really needs to happen.

  • So if the blog says.... (Score:5, Funny)

    by GPLDAN (732269) on Friday April 15 2005, @08:18AM (#12243522)
    If the blog you are reading says...
    "Today, I went with Billy and Johnny, and we went to the farm and saw a cow. It was a big cow! Download this program and it will show you how big the cow was!" ... you probably shouldn't download the code.

    If the blog purports to be from some p0rnster, and the blog says "download this cool active X control, it will let you see all these hot pix I took at the club last night"... you probably shouldn't install the control.


    Ok, I think I got it.

  • .0025%? (Score:3, Interesting)

    by mwkaufman (859791) on Friday April 15 2005, @08:19AM (#12243527)
    So there are 200 fake blogs among 8,000,000 that were drawn up with malicious code and this is a story? I'm sure there are far more websites out there that aren't blogs with malicious code. All it comes down is protecting your computer the way you prevent anything bad from happening, by not being stupid about it. 200 is a drop in the bucket when it comes to the blogging community.

    • Re:.0025%? (Score:5, Insightful)

      by ergo98 (9391) on Friday April 15 2005, @08:25AM (#12243582) Homepage Journal
      So there are 200 fake blogs among 8,000,000 that were drawn up with malicious code and this is a story?

      The story is that blogs are dangerous. Blogs are the tool of the devil, and they will install keyloggers, spy through your webcam, and solicit your children. Blogs are the tools of criminals and miscreants.

      Good people should stay away from blogs and instead obtain all of their entertainment and information from the large corporate media outlets.
  • "The success of these attacks relies upon a certain level of social engineering to persuade the individual to click on the link."

    The brighter criminals seem to understand that this well and more and more scams are less about clicking on something than it is about convincing someone to provide their SS#, banking info, etc.

  • What's the problem? (Score:5, Insightful)

    by LegendOfLink (574790) on Friday April 15 2005, @08:21AM (#12243551) Homepage
    Maybe the problem isn't that the fake blogs are carrying malicious code; rather that the browsers (coughIEcough) being used to surf the fake sites aren't secure enough.

    Malicious websites will always be around; however, if we try and educate the public about security, they'll be rendered useless.

  • Competition anyone? (Score:5, Interesting)

    by BKuhl (2470) on Friday April 15 2005, @08:22AM (#12243561)
    Let see... The mainstream news is reporting "Don't go read the blogs or your PC will crash and burn." Does anyone else find it curious that blogs are one of the more potent competitors the the mainstream news in recent time?
    They couldn't be trying to discredit the competition?
    • Interesting point. News media has been failing to report fair and balanced news in recent years. This has led to the masses of documentaries being released, because documentaries are free to probe and investigate the issues to their full extent (without media restrictions).

      It seems that blogs are another offshoot of the failure of mainstream media. The blog Baghdad Burning: http://riverbendblog.blogspot.com/ [blogspot.com] provides insight into the Iraq war that inbedded journalists have missed.

  • Blogs or websites? (Score:5, Insightful)

    by delymyth (17681) * on Friday April 15 2005, @08:24AM (#12243578) Homepage Journal
    I do have a blog, or at least people call it a blog.
    What I'm asking myself right now, reading this article is...
    "What's the difference between a blog and a website?"
    I mean, how could a proxy know it's a blog?
    It can't, unless you talk about blogs hosted on big blogger networks.
    But I'm not the only one having a blog on another hosting service, with my own domain and so on.
    The same could happen with "personal home pages", the problem is, as usual, people click on anything that seems interesting, without checking the website where they'll end.

    It's always a matter of Social Engineering, users have to be educated I think...

    • Re:Blogs or websites? (Score:4, Interesting)

      by daveschroeder (516195) * on Friday April 15 2005, @09:11AM (#12243930)
      Because apparently everything is a blog now, when it's convenient.

      For example, we used to call Think Secret and AppleInsider "news web sites" or "mac rumor sites". Apparently they're now "blogs".

      And yes, I realize that a "blog" IS a "web site", but my point is, aren't we going a little overboard on calling things "blogs"? Think Secret only started being a blog when people wanted to trumpet the cause of "blogger's rights" and thought it was some huge case about free speech and whether bloggers can be considered "journalists".

      Unfortunately, it backfired, because the judge acknowledged that bloggers CAN INDEED be journalists, and they also have the same free speech and press rights as anyone else. But they also can't obtain information in violation of existing statutes.
    • It's just a bunch of gobbledygook. "Storage lockers"? Um, yeah. Blogs having some special property that renders virus scanners inoperative? Not last time I checked. Really, I don't see any sense in the whole thing besides "hey guys, there's some adware and stuff on blogs now." "hey, thanks for the heads-up, I guess that had to happen eventually."

  • huh? (Score:3, Funny)

    by Anonymous Coward on Friday April 15 2005, @08:27AM (#12243597)
    how do these blogs get outside the browser sandbox?

    publishing this sort of rubbish should be punished.

  • Linux still not ready for the desktop (Score:3, Funny)

    by deacon (40533) on Friday April 15 2005, @08:28AM (#12243605) Journal
    This is another example of the lack of compatability that is preventing Linux from being successful on the Desktop.

    Lacking the broad compatibility of Windows to run any executable at any time without pestering the user, Linux will slowly fall out of favor as the more "user friendly" Windows proves yet again that everthing "just works".

    Developers must get their act together to make Firefox compatible with these soon -to-be mainstream methods of allowing users to update their PCs without worrying their little heads over such arcane details as "what does this application do?"

    Until Linux can match Windows in this kind of ease of use, I'll have to stop using FC3 and Firefox and upgrade to XP and IE.

    Note to mods: This post contains sarcasm. Do not eat.

    • ha ha, i'm too in firefox on fedora core 3, and yes, it's tough.

      me, i tried everything to get infected. i tried an ActiveX plugin for Firefox, i tried running IE through Wine - still nothing very nasty.

      in the end i wrote a perl script to open random double click ads in lynx.

  • QUICK!! Ban blogs!!

    Oh wait, the majority of the US public already want to [slashdot.org] :-).

  • What is the import of this? (Score:3, Insightful)

    by wwvuillemot (676894) on Friday April 15 2005, @08:39AM (#12243679) Homepage

    I am a bit baffled why this is news. How is this any different than any other attack via a web page? And how is a weblog any different than a vanilla web page? (That was meant an ironic, rhetorical question for those itching to answer that.) The techniques used to phish and to infiltrate a target machine via web pages are identical for weblogs ... since weblogs == web pages. (And yes, I do appreciate there are persons in the world who do not understand the two are the same.)

    How on earth can one conclude that blocking people from all weblogs will protect them? Unless you also block them from all web pages to boot, ie the entire world wide web.

    Websense warned that viruses hosted on weblogs might be a danger because they get round the filtering systems many firms have created to ensure malicious programs do not reach employees.

    Can someone confirm this? Are you telling me companies actively track if a site is a weblog ... and if so lower the security precautions for it?

    I am a bit disappointed that BBC reported this article. Talk about FUD.

  • "The BBC has a story which indicates that filtering firm Websense believes at least 200 fake blogs are in existence which have malicious code that could infect your PC, provided you run Microsoft Windows and Internet Explorer. Windows users utilizing Mozilla, Firefox, Opera, or other browsers are not affected nor are the users of Linux, BSD, BeOS (both of them), and any version of MacOS."

    Why is anyone still using Internet Explorer? Even if the only browser your bank's site supports is IE, don't use it. Ju

  • It's the people that are getting mentally infected by blogs.

    Blogs are enabling rare fringe people to come together in communities unlike ever before.

    Society is becoming different because of these of communities that reinforce and develop their special culture using blogs.

    Expect many failures of these communities, but also expect a few to produce flourishing growth of ideas that might spread into the non-blogging world.

    • Re:Other than Corporations.. (Score:5, Funny)

      by lottameez (816335) on Friday April 15 2005, @08:57AM (#12243814)
      According to the emails *I* get, bored housewives are not looking at blogs at all. They'd much rather meet with me when their husbands are out of town. (this internet thing is *really* something)

      • Re:Other than Corporations.. (Score:4, Funny)

        by Slashcrap (869349) on Friday April 15 2005, @09:11AM (#12243923)
        According to the emails *I* get, bored housewives are not looking at blogs at all. They'd much rather meet with me when their husbands are out of town.

        What? You get those too?

        I though it was just my hot cock they were after.

        I'm feeling rather depressed all of a sudden.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.