Blogger System Sites Used for Phishing 33
jimbojw writes "In a recent security advisory Fortinet is reporting that due to Blogger's popularity, hackers have started to embed malicious scripts on some blogs. 'These scripts have shown up on hundreds of Blogger.com sites. In some cases, a variant of the Stration mass mailer is responsible for directing traffic to the Blogger.com sites.' CNET reports on the situation, quoting an unnamed Google representative as saying 'These are not legitimate blogs that were compromised. They appear to be deliberately set up to promote phishing, which is against our terms of service. We are investigating, and blogs found to include malicious code or promote phishing will be deleted.' The blogs in question use meta or JavaScript redirection to push traffic to a phishing or malware site. Links to the blogs are subsequently mass-mailed by infected visitors — typically via worms in the Stration family. We can only hope that this will not cause Google to remove Blogger.com's templating engine — which is both a source of its strength, and a potential liability as illustrated by these recent attacks."
They did what? (Score:5, Insightful)
Anybody home, McFly?
Re:They did what? (Score:2, Insightful)
Re:They did what? (Score:2, Insightful)
If you find a way to do that, you will also have solved the halting-problem, in other words, that is nearly impossible to do.
There is only one way which might be safe, supply finished javascript functions to the users to use and make it impossible to define new functions. Even that might be dangerous.
Re:That's a STRENGTH? (Score:1, Insightful)
They often redirect to sites that pay for click traffic.
My best guess is that there are about 50.000 blog spot blogs doing this, although Google, after months, seems more serious at cleaning this shit up.