Google Blogger "Hosts 2% of World's Malware"

Barence writes "Google's Blogger service is responsible for 2% of the world's malware hosted on the Web, according to a new report from security firm Sophos. The company claims hackers are setting up pages on the free blogging service to host malicious code, or simply posting links to infected websites in other bloggers' comments. 'Blogger accounts for around 2% of malware,' according to Sophos's senior technology consultant, Graham Cluley. 'It's head and shoulders above the rest [of the blogging services].'" Sophos believes that Blogger is favored because, being part of Google, it gets spidered early and often.

A warning

[by Anonymous Coward]

When I installed Linux it asked me for my credit card number. Two days later I got a call from Wachovia asking me if I had purchased $400 worth of Totino's pizza rolls and Mountain Dew (I hadn't). Let this be a warning to all of you out there in the Internet.

Re:A warning

[thePowerOfGrayskull (905905)]

I have money in an offshore account left to me by my dying dog may he rest in Jesus' arms, $30,000,000 MILLION USD. Please act as my feduciary agent in moving this moneys safely onshore, and I shall with you share 10%, that is $10,000 THOUSAND USD.

Appropriate actions

[by Anonymous Coward]

Perhaps a good reason why blogging should be illegal.

Re:Appropriate actions

[Wiarumas (919682)]

Yeah, we should start a blog about that!

Re:

[nfk (570056)]

Funny. I know you're joking (I hope), but I can't tell whether it's the "blogging is stupid" joke, or the "since this technology can be used for evil, let's ban it" joke.

Re:Appropriate actions

[steelfood (895457)]

Why couldn't it be both?

Re:Appropriate actions

[Archangel Michael (180766)]

Because we all know that when blogging is a crime, only criminals will blog!

or something like that

Re:

[bsDaemon (87307)]

Serial killers anyway... they can't seem to resist the urge to brag.

Re:Appropriate actions

[Ihmhi (1206036)]

<NRA>Blogs don't spread malware, people spread malware.

Re:

[cmacb (547347)]

Quick, someone call Andrew Cuomo!

Re:

[Joebert (946227)]

Perhaps a good reason why blogging should be illegal.

Screw this freedom of speach crap, I'm moving to Cuba !

2%?

[commodoresloat (172735)]

Come on, Google bloggers, that's less than Apple's marketshare! Surely we can do better than that!! Let's get to work!!

Voggers

[C_Kode (102755)]

I host the other 98% on voggers.com ;)

Meanwhile...

[oahazmatt (868057)]

Meanwhile...

Cut to Steve Ballmer screaming at some programmers.
Ballmer: Two percent?
Programmer: Sir, we..
Ballmer: Two percent?! I told you twenty!
Programmer: We're trying. It's just...
Ballmer: Just what?
Programmer: There's so much other malware coming out, that it throws our percentages off.
Ballmer: Then hire them!
Programmer: Who? The malware authors?
Ballmer: Do you have a problem with that?
Programmer: I don't think it's ethical.
Ballmer: Tony Stark built this in a cave! With a bunch of scraps!
Programmer: ...what?

Googles name

[b4thyme (1120461)]

Part of it is probably google's good name that is attractive to malware hosts. As google "does no evil", people trust them. How could malware end up on a site hosted by a service that does no evil?

people think:
google = good
malware = evil
malware != google

profit for malware distributors!

Re:

[b4thyme (1120461)]

I don't know about that - the type of people who get malware are generally pretty clueless. For example, why would they know that "blogger.com" is part of Google?

I would assume because it has google's name on the main blogger.com page?

What, no evil comments yet?

[swordgeek (112599)]

"Don't be evil. Just host it."

Re:What, no evil comments yet?

[_Sprocket_ (42527)]

No kidding! If this was a Microsoft-hosted blogging service, there'd already be 20 posts about the lack of commentary if this were a Google-hosted service. Which it is. Which means there's not.

Profit.

Microsoft blogging service

[symbolset (646467)]

Microsoft isn't set to invent blogging until 2011, after including it as a LiveCloud application in Windows 7. By 3Q2011 you are all expected to offer some awed respect to the brilliant innovation of user generated content (patent pending). Guidance is the same for all of their products: stay away from version 1, even numbered and prime numbered versions, and every version before the first service pack.

Re:

[jgarra23 (1109651)]

Microsoft isn't set to invent blogging until 2011, after including it as a LiveCloud application in Windows 7. By 3Q2011
Don't forget that you will have the following versions:

MS Blog Starter (x32 only)
MS Blog Basic (x32 only)
MS Blog Home (x32 only)
MS Blog Home Premium (x32 and x64 editions available)
MS Blog Business (x32 and x64 editions available)
MS Blog Business Premium (x32 and x64 editions available)
MS Blog Pro (x32 and x64 editions available)
MS Blog Ultimate (x32 and x64 editions available)*

* denotes e

Re:What, no evil comments yet?

[Phurge (1112105)]

"Don't be evil. Just host it."

and serve ads to it

Re:

[Kugrian (886993)]

Hopefully their crawlers are advanced enough to display ads for Malware removal tools alongside the infected pages.

Maybe the site should be an IE free zone?

[schwit1 (797399)]

Isn't it the predominant conduit between the infected pages and the users? And ask people to upgrade to a secure browser with a links to Firefox, Opera and safari.

Google gets 2%

[xpuppykickerx (1290760)]

of the money I just inherited from this kind Nigerian Prince!

Blogspot is popular for spam redirects

[Animats (122034)]

Blogger is popular for spam redirects, because it's possible to turn a Blogger page into a redirect. Typical example: "Looking for a R0lex repl1ca? ... Where? At http://www.mitch83393.blogspot.com/ [blogspot.com]" (Google already got this one as a TOS violation, but they're throwaway blogs generated by programs. There will be a new one in a few minutes.) Spammers do this to get their message through filters that check for spam links.

This is a generic problem with Google's free services. Spammers and scammers now use GMail to get throwaway mail accounts, Blogger for an open redirector, YouTube to host advertising videos, AdWords to advertise scams, and Google Checkout to collect the money. It's full-service evil.

For the last two, Google has a business relationship, but doesn't seem to be validating their customers well enough. The use of Google Checkout for spam and attack tools is especially disturbing. Try, for example, searching for "craiglist posting" [google.com]. Note the ads with Google Checkout links. There, Google is an active participant in collecting the money and is profiting from the transaction.

I blame the people who make guns easily available

[PC and Sony Fanboy (1248258)]

Thats a poor argument. Take canada vs. usa - the climate is the same, most of the laws are similar... but gun control laws are drastically different, and canada has better social services.

... but canada also has a much MUCH lower incidence of gun-related crime.

do we blame the lack of social services in the states for the gun crime? Or perhaps the availability of the guns?

Re:

[Nightspirit (846159)]

Canada also has much lower immigration. You must either have a job that is in great demand, post-graduate education, or able to put down 400k to start a business. Meanwhile here in AZ we have so many people illegally crossing the border that we had to pass laws that make employers verify citizenship before they can be given job, or they lose their business license.

Re:

[cdrguru (88047)]

Yes, those mean Canadians not helping the poor, oppressed and disadvantaged Mexicans. Here in the US we welcome those poor, oppressed and disadvantaged folks with open arms. As you can tell from the way laws are enforced.

Of course, we are all in danger of becoming equally poor, oppressed and disadvantaged by allowing anyone and everyone to come here.

Re:I blame the people who make guns easily availab

[Bearpaw (13080)]

... but canada also has a much MUCH lower incidence of gun-related crime.

do we blame the lack of social services in the states for the gun crime? Or perhaps the availability of the guns?

Neither. It's Clinton's fault.

And the rest.....

[vigour (846429)]

The other 98% comes from here [microsoft.com]

Re:

[Spy der Mann (805235)]

The other 98% comes from here [microsoft.com]

That's an interesting question. How much of the world's malware is hosted on (and by hosted i mean stored in, not just linked from) end-user Windows PC's, how much of it on Windows servers, and how much on Linux computers? Is there any statistics about that?

The best part . . .

[greenreaper (205818)]

If you're subscribed to Google Alerts, and they post a malware-hosting blogger site with material you're watching for, it comes straight into your inbox. I've had this happen to me with spam copied from one of my own wikis. They seriously need to clamp down on the ability to redirect people automatically from Blogger.

yahoo email?

[thermian (1267986)]

Most of the time the scam mail I get has a yahoo email attached.
There are no innocents among free web service providers.

Popular blog site has some malware

[wattrlz (1162603)]

Podcast at 11.

Nigerian prince's blog

[Digestromath (1190577)]

Thank you for coming to my blog. I'm a Nigerian prince, and I'm seeking help freeing my millions of dollars from a frozen account. With all your help, I can slowly free my fortune, and give you a pretty fair share, tax free of course. See my latest post for the progress we've made! We're almost to my goal of freeing one millions dollars! Also my cat just turned 2 today, see my pictures for the awesome birthday party pics.

Hypocrisy

[Eric Smith (4379)]

On two occasions miscreants managed to inject links to malware into my site, and on each occasion Google nearly immediately started listing my site in search results as "this site may harm your computer", and no direct (clickable) link.

If Blogger is so full of malware or links to malware, why don't all the search results pointing to Blogger get the same warning and lack of link?

Way to go, PC Pro

[Cajun Hell (725246)]

Sophos says:

Blogger accounts for around 2% of malware," according to Sophos's senior technology consultant..
..
Sophos says it doesn't blame Google for the situation...

PC Pro's crack writers say:

Google's Blogger service is responsible for 2% of the world's malware hosted on the web

(Emphasis mine.) Journalism at its finest!

Market share

[Haxx (314221)]

    I'm curious to what the 2% number means when market share and region figures are factored in. I'll bet it doesn't mean much.

Newsflash! 2% of the Internet is where 2% of the hackers are!

Blacklisted ?

[Joebert (946227)]

On a serious note, I hope Google gets a handle on this situation before my blogspot blog becomes an innocent bystander on blacklists.

LOLWORMZ

[longacre (1090157)]

Thank goodness icanhascheezburger runs on WordPress.

Re:

[EveLibertine (847955)]

I'm still pretty sure that counts as malware.

2% Implies a known boundry

[jasonmanley (921037)]

In order to determine that it is 2% means that they would have to know exactly how much is out there in the first place - how would they know that?

Not the most exploited site

[Kurrel (1213064)]

I'd like to see what percentage of infections were facilitated through MySpace, but that would require omniscience just as this figure does.

Users or Malware Study?

[Prysorra (1040518)]

You're assuming its just the Malware's eyes they're after. Perhaps a study of the spread of Malware through Google would tell us something about their culture? Their will of course be somewhat disconnected clouds of competing bot swarms. Perhaps studying the shape of these clouds and how they choose to connect might help us combat their effectiveness?

Re:Users or Malware Study?

[ObsessiveMathsFreak (773371)]

Perhaps studying the shape of these clouds and how they choose to connect might help us combat their effectiveness?

Yes! I see it! They're like a pack of wolves! No, Wild Horses! Wait no, Camels. Ahhh! It's an avalanche! Run!

Re:

[by Anonymous Coward]

Furthermore,

or simply posting links to infected websites in other bloggers' comments

Does that mean that slashdot contains 76% of the world's goatse, simply because trolls post links to other servers hosting it on this site?

Perhaps Microsoft has 18.9% of the worlds child porn because it can be found by using their Windows Live search engine?

Re:

[mark72005 (1233572)]

or Windows because 99% of it can be found on Windows PCs.

Re:

[X0563511 (793323)]

My % is bigger than your %.

Re:

[HTH NE1 (675604)]

"Blogger accounts for around 2% of malware," according to Sophos's senior technology consultant, Graham Cluley.

Is this two percent a plurality?

"It's head and shoulders above the rest

Oh, apparently--

[of the blogging services]."

... not?

Does Sophos only survey blogs?

Re:

[atari2600 (545988)]

The blog was actually about American stupidity.