Blogs Latest Source of PC Infection 170
smooth wombat writes "The BBC has a story which indicates that filtering firm Websense believes at least 200 fake blogs are in existence which have malicious code that could infect your pc. Websense said it had seen examples of some computer criminals creating a legitimate looking weblog, loading it with keylogging software or viral code, and then sending out the address of it through instant messenger or spam e-mail. Websense warned that viruses hosted on weblogs might be a danger because they get round the filtering systems many firms have created to ensure malicious programs do not reach employees." From the article: "In separate cases some blogs were being used as storage lockers holding chunks of malicious code that the controller of a network of zombie machines wants those remotely-controlled computers to use."
Websense == Bad (Score:5, Funny)
Re:Websense == Bad (Score:4, Funny)
Re:Websense == Bad (Score:3, Funny)
At my Sixth Form, Websense will sometimes give the catagory of banned page as "Alternative Journals", a bit more questionable than the "Bad taste" catagory.
Re:Websense == Bad (Score:2)
Re:Websense == Bad (Score:3, Funny)
Your organization's Internet use policy restricts access to this web page at this time.
Reason:
The Websense category "Tasteless" is filtered.
Beyond my understanding (Score:3, Informative)
Re:Beyond my understanding (Score:5, Informative)
Re:Beyond my understanding (Score:1)
Would you not want to click on something like "Do not click here [archive.org]."?
Re:Beyond my understanding (Score:1, Funny)
Re:Beyond my understanding (Score:3, Funny)
Re:Beyond my understanding (Score:5, Insightful)
username:_________
password:_________
Thank you, I'm sure you use the same username/password for all your accounts and now i have access! HAHAHA
Re:Beyond my understanding (Score:2)
Regards,
Re:Beyond my understanding (Score:2)
Re:Beyond my understanding (Score:2)
How could a blog site - or whatever kind of site for that matter - host and run keylogging software?
It has nothing to do with blogs themselves. Websense is just trying to cash in on the sudden popularity of blogs. The problem is with any free web hosting service.
When crackers subvert systems using browser exploits, they have to host those exploits on a web page. Since web hosting is inherently traceable--the hosting company has to have your payment details--this is tricky to do without getting caug
Re:Firey death to the intruders! (Score:2)
I also met attempts to install an
Other than Corporations.. (Score:1, Insightful)
I guess its bored Housewives that get caught by the virii
Re:Other than Corporations.. (Score:5, Funny)
Re:Other than Corporations.. (Score:4, Funny)
What? You get those too?
I though it was just my hot cock they were after.
I'm feeling rather depressed all of a sudden.
So... (Score:5, Funny)
Dot dot dot.
Re:So... (Score:3, Funny)
Wow (Score:5, Funny)
Glass houses (Score:5, Funny)
Re:Glass houses (Score:5, Funny)
Re:Glass houses (Score:1)
Re:Wow (Score:3, Funny)
Seriously, I thought were already some form of worm. User surfs web, is infected by code. Code signs up for an account under the user's name and starts posting lots of "omg lol w00t" garbage intermixed with copies of itself. I mean, nobody really WRITES like that, right? It HAS to be some sort of glitch...
Suppression (Score:5, Interesting)
re: suppression (Score:1)
that said: it's basically browser vulnerabilities. if you aren't patching & updating virus definitions, you're SOL anyway.
ed
Re:Suppression (Score:5, Interesting)
Re:Suppression (Score:5, Insightful)
A responsible journal would have gone on to say that any web site, not just a blog, could potentially attempt the same sort of behavior. This isn't anything new and has nothing much at all to do with blogging.
Actually.. why am I blaming the BBC? It made the front page here..
Re:Suppression (Score:5, Interesting)
Well, being an employee of a company that uses WebSense's filtering product, there is absolutely nothing subtle about it. Hell, at one point linux.slashdot.org was blocked due to being a freeware/shareware distribution point (along with getfirefox.com - still blocked)! Of course this all comes down to how the company has set it up. And nevermind that our braindead IT department blocks webmail as a major security vector, but then has all of us running as admin, with improperly secured share points on many of the machines (earlier today I noticed that anyone can mount the C drive of the main gov't affairs machine here)...Alright, enough of my ranting for now. IE vulnerabilities grumble grumble grumble...
Re: (Score:2)
Re:Suppression (Score:1, Troll)
Besides, they are at work to work, not to email their friends from their personal email accounts.
Re:Suppression (Score:2)
Or posting at Slashdot during working hours, right?
Re:Suppression (Score:2)
Re:Suppression (Score:2)
Re:Suppression (Score:2)
Re:Suppression (Score:3, Interesting)
But in your case, unless you installed websense yourself, you're probably being forced by your employer into using it. That makes them the "fuckheads", not websense. If all companies would stop using we
Re:Suppression (Score:3, Informative)
Websense allows for a lot of configuration, but I imagine many companies just deploy it and leave it stock.
Only 200? (Score:5, Interesting)
Personally I'll take my chances........
Re:Only 200? (Score:2, Funny)
Much Like Phishing (Score:2, Interesting)
Re:Much Like Phishing (Score:1)
You mean there are people who got on the Internet just to read blogs?
And yet, if you were to kill them, it would be you that got in trouble! The World's insane I tell you.
So if the blog says.... (Score:5, Funny)
"Today, I went with Billy and Johnny, and we went to the farm and saw a cow. It was a big cow! Download this program and it will show you how big the cow was!"
If the blog purports to be from some p0rnster, and the blog says "download this cool active X control, it will let you see all these hot pix I took at the club last night"... you probably shouldn't install the control.
Ok, I think I got it.
Re:So if the blog says.... (Score:4, Funny)
Re:So if the blog says.... (Score:2)
okay. stop right there. why the fuck would i *read* a web log?
Re:So if the blog says.... (Score:2)
Re:So if the blog says.... (Score:2)
Re:So if the blog says.... (Score:1)
Re:So if the blog says.... (Score:1)
CowPix (Score:2)
Re: appologies to Jeff Foxworthy (Score:2, Funny)
You might be a dumbarse!
.0025%? (Score:3, Interesting)
Re:.0025%? (Score:5, Insightful)
The story is that blogs are dangerous. Blogs are the tool of the devil, and they will install keyloggers, spy through your webcam, and solicit your children. Blogs are the tools of criminals and miscreants.
Good people should stay away from blogs and instead obtain all of their entertainment and information from the large corporate media outlets.
Re:.0025%? (Score:1)
Re:.0025%? (Score:1)
What about chat rooms? I hear you can talk to many well-informed and honest people in chatrooms. There is even intelligent debates going on right now in chat rooms across the globe!
Social engineering seems to be the key (Score:3, Informative)
The brighter criminals seem to understand that this well and more and more scams are less about clicking on something than it is about convincing someone to provide their SS#, banking info, etc.
Re:Social engineering seems to be the key (Score:1)
"The success of these attacks relies upon a certain level of social engineering to persuade the individual to click on the link."
The brighter criminals seem to understand this well and more and more scams are less about clicking on something than it is about convincing someone to provide their SS#, banking info, etc.
What's the problem? (Score:5, Insightful)
Malicious websites will always be around; however, if we try and educate the public about security, they'll be rendered useless.
Re:What's the problem? (Score:1)
Ah to be young an naive. <sigh>
No amount of education will ever convince enough of the general Internet users to:
stop executing malware of unknwown origins
buying stuff from spammers
The only way to keep people from doing stupid things is summary execution of said offenders to remove them from the gene pool. But, unfortunately, there are laws against that type of thing.
Re:What's the problem? (Score:2)
Please tell me you're running for President, because you'd definitely get my vote.
'warning... (Score:1, Interesting)
Competition anyone? (Score:5, Interesting)
They couldn't be trying to discredit the competition?
Re:Competition anyone? (Score:1)
Re:Competition anyone? (Score:1)
So why is it the MSM hates/is so afraid of the blogs? Anybody still remember the "guys in pajamas [google.com]" remark by Jonathan Klein, then of CBS? Indicative of the way the industry fears Powerline [powerlineblog.com], Instapundit [instapundit.com], Kos [google.com], etc.
Re:Competition anyone? (Score:1)
Re:Competition anyone? (Score:3, Insightful)
It seems that blogs are another offshoot of the failure of mainstream media. The blog Baghdad Burning: http://riverbendblog.blogspot.com/ [blogspot.com] provides insight into the Iraq war that inbedded journalists have missed.
Blogs or websites? (Score:5, Insightful)
What I'm asking myself right now, reading this article is...
"What's the difference between a blog and a website?"
I mean, how could a proxy know it's a blog?
It can't, unless you talk about blogs hosted on big blogger networks.
But I'm not the only one having a blog on another hosting service, with my own domain and so on.
The same could happen with "personal home pages", the problem is, as usual, people click on anything that seems interesting, without checking the website where they'll end.
It's always a matter of Social Engineering, users have to be educated I think...
Re:Blogs or websites? (Score:4, Interesting)
For example, we used to call Think Secret and AppleInsider "news web sites" or "mac rumor sites". Apparently they're now "blogs".
And yes, I realize that a "blog" IS a "web site", but my point is, aren't we going a little overboard on calling things "blogs"? Think Secret only started being a blog when people wanted to trumpet the cause of "blogger's rights" and thought it was some huge case about free speech and whether bloggers can be considered "journalists".
Unfortunately, it backfired, because the judge acknowledged that bloggers CAN INDEED be journalists, and they also have the same free speech and press rights as anyone else. But they also can't obtain information in violation of existing statutes.
Re:Blogs or websites? (Score:2)
Are you seriously saying that people should check where the hyperlink leads to?
And you seriously think people will do this when you tell them?
HahahahaAHAAH no really HAHAHAHAHAHAHAHA
I'm sorry but this is modded insightful? I have modpoints to put it on overrated, but this is just so funny. Well, not really.
Re:Blogs or websites? (Score:1)
I mean, if someone sends a linux user (at home, with root logged in, of course) a shell script with a simple "rm -rf
I'll never defend people blind-clicking on every single "interesting" attachment or link they receive, sorry.
Internet Culture is too low nowadays, and this is in my opinion the first cause for virus
Re: (Score:2)
Re:Blogs or websites? (Score:1)
And I know plenty of people who click on "yes" on every single dialog they see.
Re: (Score:2)
Re:Blogs or websites? (Score:3, Interesting)
huh? (Score:3, Funny)
publishing this sort of rubbish should be punished.
Linux still not ready for the desktop (Score:3, Funny)
Lacking the broad compatibility of Windows to run any executable at any time without pestering the user, Linux will slowly fall out of favor as the more "user friendly" Windows proves yet again that everthing "just works".
Developers must get their act together to make Firefox compatible with these soon -to-be mainstream methods of allowing users to update their PCs without worrying their little heads over such arcane details as "what does this application do?"
Until Linux can match Windows in this kind of ease of use, I'll have to stop using FC3 and Firefox and upgrade to XP and IE.
Note to mods: This post contains sarcasm. Do not eat.
Re:Linux still not ready for the desktop (Score:1)
Re:Linux still not ready for the desktop (Score:2, Funny)
me, i tried everything to get infected. i tried an ActiveX plugin for Firefox, i tried running IE through Wine - still nothing very nasty.
in the end i wrote a perl script to open random double click ads in lynx.
Who really bothers reading that crap anyways? (Score:1)
Re:Who really bothers reading that crap anyways? (Score:1, Funny)
Re:Who really bothers reading that crap anyways? (Score:1)
Ban them!!!1 (Score:2, Funny)
QUICK!! Ban blogs!!
Oh wait, the majority of the US public already want to [slashdot.org] :-).
Increased threat? (Score:1)
If not, why the hell is this news worthy.
Re:Increased threat? (Score:1)
Why are blogs any different to normal pages in the filtering respect?
What is the import of this? (Score:3, Insightful)
I am a bit baffled why this is news. How is this any different than any other attack via a web page? And how is a weblog any different than a vanilla web page? (That was meant an ironic, rhetorical question for those itching to answer that.) The techniques used to phish and to infiltrate a target machine via web pages are identical for weblogs ... since weblogs == web pages. (And yes, I do appreciate there are persons in the world who do not understand the two are the same.)
How on earth can one conclude that blocking people from all weblogs will protect them? Unless you also block them from all web pages to boot, ie the entire world wide web.
Can someone confirm this? Are you telling me companies actively track if a site is a weblog ... and if so lower the security precautions for it?
I am a bit disappointed that BBC reported this article. Talk about FUD.
Re: (Score:1)
Re:Loading it with viral code? (Score:2)
The blog angle is a bit of a red herring. Drive-by download attacks can happen on any web page, not just blog web pages. There are two phenomena going on with respect to blo
Blogs aren't really the problem... (Score:1, Insightful)
"Users were urged to keep anti-virus and patches up to date, regularly scan machines with anti-spyware products and exercise caution when reading unsolicited messages sent via e-mail or instant messenger."
C'mon, people...This stuff should be habit by now.
Fixing the Summary (Score:2)
Why is anyone still using Internet Explorer? Even if the only browser your bank's site supports is IE, don't use it. Ju
Re:Fixing the Summary (Score:2)
link me (Score:1)
can we plz get a link?
Forget the PCs (Score:2)
It's the people that are getting mentally infected by blogs.
Blogs are enabling rare fringe people to come together in communities unlike ever before.
Society is becoming different because of these of communities that reinforce and develop their special culture using blogs.
Expect many failures of these communities, but also expect a few to produce flourishing growth of ideas that might spread into the non-blogging world.
Anything to Make the Public Think Blogs Are Bad (Score:2, Insightful)
But there's something bigger that really bugs me: Websense is part of that big conglomeration known as "them" or "they". Sometimes it's hard to tell where the government stops and "they" start. The American media is another big member of "them" and blogs are a threat. So "they" have to do whatever they can to steer people away from
Scare tactics (Score:1)
Stop using credit cards to shop online (Score:1)
2) Do not store any sensitive data like your personal information and bank account details on the computer if possible. And if you do store it, make sure it is stored in encrypted form. There are numerous encryption softwares avai
Websense Filters (Score:1)
Oh know, 200 sites! Buy our software and we'll keep you safe!
I see dumb people (Score:1)
What about blog COMMENTS? (Score:2)
So my question is, could this sort of Javascript exploit be used to spread trojans/malware via other people's blogs using the comments sect
The real solution... (Score:2)
The solution is to use all those wonderful features that modern operating system
Ooooh. Be scared of Blogs, everybody. . ! (Score:2)
Fear=control.
Same bullshit, different day.
-FL