Blogs Latest Source of PC Infection

smooth wombat writes "The BBC has a story which indicates that filtering firm Websense believes at least 200 fake blogs are in existence which have malicious code that could infect your pc. Websense said it had seen examples of some computer criminals creating a legitimate looking weblog, loading it with keylogging software or viral code, and then sending out the address of it through instant messenger or spam e-mail. Websense warned that viruses hosted on weblogs might be a danger because they get round the filtering systems many firms have created to ensure malicious programs do not reach employees." From the article: "In separate cases some blogs were being used as storage lockers holding chunks of malicious code that the controller of a network of zombie machines wants those remotely-controlled computers to use."

Beyond my understanding

[PinkX]

How could a blog site - or whatever kind of site for that matter - host and run keylogging software?

Re:Beyond my understanding

[bersl2]

Storage space + bandwidth + gullable users: that's all anyone needs to do this.

Social engineering seems to be the key

[erick99]

"The success of these attacks relies upon a certain level of social engineering to persuade the individual to click on the link."

The brighter criminals seem to understand that this well and more and more scams are less about clicking on something than it is about convincing someone to provide their SS#, banking info, etc.

Re:Suppression

[jobugeek]

Websense is like any other piece of enterprise software. It's only as good as the people configuring it. I've deployed it and it has its uses. I sat down with management and discussed what they was off-limits and what was deemed ok and what was grey area.

Websense allows for a lot of configuration, but I imagine many companies just deploy it and leave it stock.