Slashdot Mirror

← Back to Stories (view on slashdot.org)

Blogs Latest Source of PC Infection

Posted by Zonk on from the watch-where-you-surf dept.

smooth wombat writes "The BBC has a story which indicates that filtering firm Websense believes at least 200 fake blogs are in existence which have malicious code that could infect your pc. Websense said it had seen examples of some computer criminals creating a legitimate looking weblog, loading it with keylogging software or viral code, and then sending out the address of it through instant messenger or spam e-mail. Websense warned that viruses hosted on weblogs might be a danger because they get round the filtering systems many firms have created to ensure malicious programs do not reach employees." From the article: "In separate cases some blogs were being used as storage lockers holding chunks of malicious code that the controller of a network of zombie machines wants those remotely-controlled computers to use."

43 of 170 comments (clear)

  1. Websense == Bad by maotx · · Score: 5, Funny

    WEBSENSE filters legit sites!

    --
    I'm a virgo and on Slashdot. Coincidence? Yes.
    1. Re:Websense == Bad by Stick_Fig · · Score: 4, Funny

      Who wants to take a bet that Websense is making this up just to ban blogs?

      --
      ShortFormBlog: Writing a little. Saying a lot.
    2. Re:Websense == Bad by bcmm · · Score: 2, Funny

      Well, yes.

      At my Sixth Form, Websense will sometimes give the catagory of banned page as "Alternative Journals", a bit more questionable than the "Bad taste" catagory.

      --
      # cat /dev/mem | strings | grep -i llama
      Damn, my RAM is full of llamas.
    3. Re:Websense == Bad by justforaday · · Score: 2, Funny

      Too bad I can't see the site...

      Your organization's Internet use policy restricts access to this web page at this time.

      Reason:

      The Websense category "Tasteless" is filtered.

      --
      I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
  2. Beyond my understanding by PinkX · · Score: 2, Informative

    How could a blog site - or whatever kind of site for that matter - host and run keylogging software?

    --
    Articulos para gente geek: Poleras, linux, libros y mas
    1. Re:Beyond my understanding by bersl2 · · Score: 4, Informative

      Storage space + bandwidth + gullable users: that's all anyone needs to do this.

    2. Re:Beyond my understanding by Freexe · · Score: 5, Insightful
      If you like to make a post please enter:

      username:_________

      password:_________


      Thank you, I'm sure you use the same username/password for all your accounts and now i have access! HAHAHA

      --
      "In a time of universal deceit - telling the truth is a revolutionary act." - George Orwell
    3. Re:Beyond my understanding by The+Ultimate+Fartkno · · Score: 2, Funny

      What do you expect when there's a back door like *that* on your site?

  3. So... by Skye16 · · Score: 5, Funny

    So basically they're saying there are now webpages that exist to infect your computer with malicious code through various browser security holes? Huh. Imagine that. I never would have thought that to be possible.

    Dot dot dot.

    1. Re:So... by Pac · · Score: 2, Funny

      I, for one, think this security guys are too paranoid. Next they will say the innocent attachments strangers keep sending me in my email messages will harm my computer. What about having some faith in people's good intentions?

  4. Wow by Anonymous Coward · · Score: 5, Funny

    ... as if the fact they're largely written by self-important bores wasn't reason enough to avoid blogs and bloggers.

    1. Re:Wow by orangesquid · · Score: 2, Funny

      People? I thought they were written by computer programs!

      Seriously, I thought were already some form of worm. User surfs web, is infected by code. Code signs up for an account under the user's name and starts posting lots of "omg lol w00t" garbage intermixed with copies of itself. I mean, nobody really WRITES like that, right? It HAS to be some sort of glitch...

      --
      --TheOrangeSquid Is it any wonder things seem so awry? We swim in a sea of confusion and don't have to think to survive
  5. Suppression by tankenator · · Score: 5, Interesting

    Is this really the case, are is it yet another attempt by corporations to subtly supress their employee's reading habits???

    1. Re:Suppression by alnjmshntr · · Score: 5, Interesting

      I would say it's another attempt by Websense to sell more product. Haven't we seen this all before from Symantec/Mcafee et al, scaring the masses into buying their product?

      --
      If I had created the world I wouldn't have messed about with butterflies and daffodils. I would have started with lasers
    2. Re:Suppression by OhPlz · · Score: 5, Insightful

      Seems more like a case of the BBC trying to publish an article with a buzzword in it.

      A responsible journal would have gone on to say that any web site, not just a blog, could potentially attempt the same sort of behavior. This isn't anything new and has nothing much at all to do with blogging.

      Actually.. why am I blaming the BBC? It made the front page here..

    3. Re:Suppression by justforaday · · Score: 4, Interesting

      Is this really the case, are is it yet another attempt by corporations to subtly supress their employee's reading habits???

      Well, being an employee of a company that uses WebSense's filtering product, there is absolutely nothing subtle about it. Hell, at one point linux.slashdot.org was blocked due to being a freeware/shareware distribution point (along with getfirefox.com - still blocked)! Of course this all comes down to how the company has set it up. And nevermind that our braindead IT department blocks webmail as a major security vector, but then has all of us running as admin, with improperly secured share points on many of the machines (earlier today I noticed that anyone can mount the C drive of the main gov't affairs machine here)...Alright, enough of my ranting for now. IE vulnerabilities grumble grumble grumble...

      --
      I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
    4. Re:Suppression by wfberg · · Score: 2, Interesting

      Websense is blocking too much and yet too little. Now, that's bad in all sorts of ways. If you're being blocked and think you shouldn't (blocking gay rights pages as porn etc.) you're being slandered basically. If you bought the product, it's giving you a false sense of security. That's all websense's doing.

      But in your case, unless you installed websense yourself, you're probably being forced by your employer into using it. That makes them the "fuckheads", not websense. If all companies would stop using websense, they'd go bankrupt, and the world would be a better place. So don't complain to websense, or other censorware vendors, complain to your fuckhead boss.

      --
      SCO employee? Check out the bounty
    5. Re:Suppression by jobugeek · · Score: 2, Informative
      Websense is like any other piece of enterprise software. It's only as good as the people configuring it. I've deployed it and it has its uses. I sat down with management and discussed what they was off-limits and what was deemed ok and what was grey area.

      Websense allows for a lot of configuration, but I imagine many companies just deploy it and leave it stock.

      --
      I'm not drunk, I just have a speech impediment. And a stomach virus. And an inner ear infection.
  6. Only 200? by Alibloke · · Score: 5, Interesting

    This doesn't seem to be a great deal of sites, after RTFA I now know there are around 8 million blogs and only 200 are infected.

    Personally I'll take my chances........

    1. Re:Only 200? by Anonymous Coward · · Score: 2, Funny

      You've confused the word "infected" with the phrase "worth reading"

  7. Much Like Phishing by XFilesFMDS1013 · · Score: 2, Interesting

    Only they use a fake webpage to install shit, rather then using a fake webpage to take your info. The ideas the same though, most people on the web (or at least those just on it for the blogs) don't really know the difference between what looks like a professional page, and what IS a professional page. More wide spread education about the dangers of what can be found on the internet really needs to happen.

  8. So if the blog says.... by GPLDAN · · Score: 5, Funny

    If the blog you are reading says...
    "Today, I went with Billy and Johnny, and we went to the farm and saw a cow. It was a big cow! Download this program and it will show you how big the cow was!" ... you probably shouldn't download the code.

    If the blog purports to be from some p0rnster, and the blog says "download this cool active X control, it will let you see all these hot pix I took at the club last night"... you probably shouldn't install the control.


    Ok, I think I got it.

    1. Re:So if the blog says.... by XFilesFMDS1013 · · Score: 4, Funny

      But how are we supposed to view the hot pix that he took last night?

  9. .0025%? by mwkaufman · · Score: 3, Interesting

    So there are 200 fake blogs among 8,000,000 that were drawn up with malicious code and this is a story? I'm sure there are far more websites out there that aren't blogs with malicious code. All it comes down is protecting your computer the way you prevent anything bad from happening, by not being stupid about it. 200 is a drop in the bucket when it comes to the blogging community.

    1. Re:.0025%? by ergo98 · · Score: 5, Insightful

      So there are 200 fake blogs among 8,000,000 that were drawn up with malicious code and this is a story?

      The story is that blogs are dangerous. Blogs are the tool of the devil, and they will install keyloggers, spy through your webcam, and solicit your children. Blogs are the tools of criminals and miscreants.

      Good people should stay away from blogs and instead obtain all of their entertainment and information from the large corporate media outlets.

  10. Social engineering seems to be the key by erick99 · · Score: 3, Informative
    "The success of these attacks relies upon a certain level of social engineering to persuade the individual to click on the link."

    The brighter criminals seem to understand that this well and more and more scams are less about clicking on something than it is about convincing someone to provide their SS#, banking info, etc.

    --
    http://www.busyweather.com/
  11. What's the problem? by LegendOfLink · · Score: 4, Insightful

    Maybe the problem isn't that the fake blogs are carrying malicious code; rather that the browsers (coughIEcough) being used to surf the fake sites aren't secure enough.

    Malicious websites will always be around; however, if we try and educate the public about security, they'll be rendered useless.

    --
    IGB: More fun than eating oatmeal!
  12. Competition anyone? by BKuhl · · Score: 5, Interesting

    Let see... The mainstream news is reporting "Don't go read the blogs or your PC will crash and burn." Does anyone else find it curious that blogs are one of the more potent competitors the the mainstream news in recent time?
    They couldn't be trying to discredit the competition?

    1. Re:Competition anyone? by sellin'papes · · Score: 3, Insightful
      Interesting point. News media has been failing to report fair and balanced news in recent years. This has led to the masses of documentaries being released, because documentaries are free to probe and investigate the issues to their full extent (without media restrictions).

      It seems that blogs are another offshoot of the failure of mainstream media. The blog Baghdad Burning: http://riverbendblog.blogspot.com/ provides insight into the Iraq war that inbedded journalists have missed.

      --
      This is my last post.
      [6th Estate]
  13. Blogs or websites? by delymyth · · Score: 5, Insightful

    I do have a blog, or at least people call it a blog.
    What I'm asking myself right now, reading this article is...
    "What's the difference between a blog and a website?"
    I mean, how could a proxy know it's a blog?
    It can't, unless you talk about blogs hosted on big blogger networks.
    But I'm not the only one having a blog on another hosting service, with my own domain and so on.
    The same could happen with "personal home pages", the problem is, as usual, people click on anything that seems interesting, without checking the website where they'll end.

    It's always a matter of Social Engineering, users have to be educated I think...

    --
    -- Personal Blog: http://www.delymyth.net/ (italian)
    1. Re:Blogs or websites? by daveschroeder · · Score: 3, Interesting

      Because apparently everything is a blog now, when it's convenient.

      For example, we used to call Think Secret and AppleInsider "news web sites" or "mac rumor sites". Apparently they're now "blogs".

      And yes, I realize that a "blog" IS a "web site", but my point is, aren't we going a little overboard on calling things "blogs"? Think Secret only started being a blog when people wanted to trumpet the cause of "blogger's rights" and thought it was some huge case about free speech and whether bloggers can be considered "journalists".

      Unfortunately, it backfired, because the judge acknowledged that bloggers CAN INDEED be journalists, and they also have the same free speech and press rights as anyone else. But they also can't obtain information in violation of existing statutes.

    2. Re:Blogs or websites? by arodland · · Score: 2, Interesting

      It's just a bunch of gobbledygook. "Storage lockers"? Um, yeah. Blogs having some special property that renders virus scanners inoperative? Not last time I checked. Really, I don't see any sense in the whole thing besides "hey guys, there's some adware and stuff on blogs now." "hey, thanks for the heads-up, I guess that had to happen eventually."

  14. huh? by Anonymous Coward · · Score: 3, Funny

    how do these blogs get outside the browser sandbox?

    publishing this sort of rubbish should be punished.

  15. Linux still not ready for the desktop by deacon · · Score: 3, Funny
    This is another example of the lack of compatability that is preventing Linux from being successful on the Desktop.

    Lacking the broad compatibility of Windows to run any executable at any time without pestering the user, Linux will slowly fall out of favor as the more "user friendly" Windows proves yet again that everthing "just works".

    Developers must get their act together to make Firefox compatible with these soon -to-be mainstream methods of allowing users to update their PCs without worrying their little heads over such arcane details as "what does this application do?"

    Until Linux can match Windows in this kind of ease of use, I'll have to stop using FC3 and Firefox and upgrade to XP and IE.

    Note to mods: This post contains sarcasm. Do not eat.

    1. Re:Linux still not ready for the desktop by matt+me · · Score: 2, Funny

      ha ha, i'm too in firefox on fedora core 3, and yes, it's tough.

      me, i tried everything to get infected. i tried an ActiveX plugin for Firefox, i tried running IE through Wine - still nothing very nasty.

      in the end i wrote a perl script to open random double click ads in lynx.

  16. Glass houses by guet · · Score: 5, Funny

    yeah, I know, I read this site because it's written by humble yet well-informed and interesting people, who are careful not to make generalisations.

    1. Re:Glass houses by wootest · · Score: 4, Funny

      I personally NEVER make generalisations, and I'm convinced everyone else here doesn't either.

  17. Ban them!!!1 by pwroberts · · Score: 2, Funny

    QUICK!! Ban blogs!!

    Oh wait, the majority of the US public already want to :-).

  18. What is the import of this? by wwvuillemot · · Score: 3, Insightful

    I am a bit baffled why this is news. How is this any different than any other attack via a web page? And how is a weblog any different than a vanilla web page? (That was meant an ironic, rhetorical question for those itching to answer that.) The techniques used to phish and to infiltrate a target machine via web pages are identical for weblogs ... since weblogs == web pages. (And yes, I do appreciate there are persons in the world who do not understand the two are the same.)

    How on earth can one conclude that blocking people from all weblogs will protect them? Unless you also block them from all web pages to boot, ie the entire world wide web.

    Websense warned that viruses hosted on weblogs might be a danger because they get round the filtering systems many firms have created to ensure malicious programs do not reach employees.

    Can someone confirm this? Are you telling me companies actively track if a site is a weblog ... and if so lower the security precautions for it?

    I am a bit disappointed that BBC reported this article. Talk about FUD.

  19. Re: appologies to Jeff Foxworthy by HomerJayS · · Score: 2, Funny
    If the blog purports to be from some p0rnster, and the blog says "download this cool active X control, it will let you see all these hot pix I took at the club last night"... and you install the control...

    You might be a dumbarse!

  20. Re:Other than Corporations.. by lottameez · · Score: 4, Funny

    According to the emails *I* get, bored housewives are not looking at blogs at all. They'd much rather meet with me when their husbands are out of town. (this internet thing is *really* something)

    --
    Yeah? Well I think you're overrated too.
  21. Re:Other than Corporations.. by Slashcrap · · Score: 4, Funny

    According to the emails *I* get, bored housewives are not looking at blogs at all. They'd much rather meet with me when their husbands are out of town.

    What? You get those too?

    I though it was just my hot cock they were after.

    I'm feeling rather depressed all of a sudden.

  22. Anything to Make the Public Think Blogs Are Bad by Horrortaxi · · Score: 2, Insightful

    Websebse making a big deal about blog bugs should be taken about as seriously as Symantec making a big deal about cell phone or Macintosh viruses. At best it's self-serving.

    But there's something bigger that really bugs me: Websense is part of that big conglomeration known as "them" or "they". Sometimes it's hard to tell where the government stops and "they" start. The American media is another big member of "them" and blogs are a threat. So "they" have to do whatever they can to steer people away from them--make it unclear what exactly a blog is, tell people their computers will get viruses if they read blogs, censor their content--we'll hear more in the next few months I'm sure.

    Those in control are just trying to draw devil horns on blogs so that they can stay in control.