Slashdot Mirror


Storm Hits Blogger Network

ancientribe writes "Researchers have discovered the Storm Trojan nestled in hundreds of blog sites in Google's Blogger network, according to an article in Dark Reading. And this isn't simple comment spam, but actual blogs that post spam, and now, Storm executable files. A researcher who's been tracking the Storm-infested blog sites says he's working with Google to clean up this latest appearance of Storm."

7 of 89 comments

  1. They have no idea? by deftcoder · Score: 1, Insightful

    "I have no idea how they are doing this."

    Sounds like somebody should be out of a job. Incompetence of this magnitude should not be tolerated.
    --
    Peace sells, but who's buying?
    1. Re:They have no idea? by saxoholic · Score: 3, Insightful

      I disagree. I don't think that's incompetence. It's an honest admission that more investigating is needed to determine the way these blogs are being infected. Would you prefer them to make up an incorrect hypothesis as to how they're doing this?

  2. Passing Fad by Anonymous Coward · Score: 5, Insightful

    Two articles about 'blogging' in a row. I really hope this isn't what my generation will be known for.

  3. Re:Sad... by LordSnooty · Score: 3, Insightful

    "Note: This is an HTML message. For security reasons, only the raw HTML code is shown. If you trust the sender of this message then you can activate formatted HTML display for this message by clicking here."

    And I'm afraid there's your problem right there - the kind of error message which 80% of computer users, i.e. the naive ones, pay no attention to whatsoever. They either ignore it completely or try and understand what it means but give up. Average people don't know what HTML is, nor what effect an HTML message could have. It's this barrier of misunderstanding which good software needs to negotiate. I'm afraid that's a poor error message.

  4. Re:Sad... by Opportunist · Score: 3, Insightful

    And even if all those auto infections run into the ground, how many will click "allow" when you promise them some pr0n?

    People are dumb and horny. Not necessarily in this order.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  5. Re:Sad... by Grismar · Score: 2, Insightful

    What users "should" know is completely irrelevant. (Not even touching on the fact that it's only what you happen to think they should know, not exactly popular opinion, but that's not the issue here.)

    If they "should" know, but don't, the shit is still going to hit the fan. Sadly, we software engineers have to consider what a user is likely to know and build from there. Which is exactly what these Storm authors have done and what these blogging software designers should have done.

    And yes, I think the designers -should- have and I feel justified in saying so, since the responsibility lies with the designers here. Just writing a nice little bit in the license agreement is not enough to waive that responsibility in my book. Maybe legally so, but not morally.

  6. Re:Sad... by Sancho · Score: 3, Insightful

    That's what IE7 on Vista does. But it's hard to sandbox "download and run this EXE for me, please" after the user has requested it, clicked ok, clicked "Yes I'm sure", and clicked "I trust this executable, now run it already!"

    It's social engineering, and it will always work until/unless we remove control of computers from the users. That's not a solution I'm personally willing to endorse. How about you?