Slashdot Mirror


Storm Hits Blogger Network

ancientribe writes "Researchers have discovered the Storm Trojan nestled in hundreds of blog sites in Google's Blogger network, according to an article in Dark Reading. And this isn't simple comment spam, but actual blogs that post spam, and now, Storm executable files. A researcher who's been tracking the Storm-infested blog sites says he's working with Google to clean up this latest appearance of Storm."

  1. Google does not terminate spammers. by Anonymous Coward · · Score: 4, Interesting

    72.14.207.191 (blogger.com) is listed in the Spamhaus SBL for their inability or unwillingness to terminate spamvertised blogspot sites. This has been an issue for months.

    "Thousands upon thousands of *.blogspot.com pages, all spammed and used to re-direct to other spammer landing pages"

  2. Re:Ballmer's Revenge? by dedazo · · Score: 3, Interesting

    Oh, they know it's a M$ born disease

    That's quite the glib statement, considering that worm requires so much user action (or inaction, depending on how you look at it) to infect a Windows box, it's not even funny.

    How many years do you think it will take before some court proves this was intentional?

    Are you serious?

    Oh, wait a minute... *slaps head* "Erris" is twitter's sockpuppet account, which he uses to shill his own posts.

    I thought this looked familiar.

    --
    Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
  3. Re:Sad... by DaSilva_XiaoPuTao · · Score: 2, Interesting

    As for the browser vulnerability, nope, sorry, read TFA. It's the exact same thing as the email "virus" -- it just has Youtube links to an exe file.

    Are you sure about that? I just downloaded one of the said pages that the emails link to, and looking at the source it's got a massive javascript script, with what looked to me like some exploit code. If this is the case and it is indeed an exploit allowing auto execution, then really I can't call someone stupid for falling for it, just ignorant.

    With regards to the forced computer training, much like driving training people must get to drive a car, I agree, I think it would be a great idea. However, honestly I don't think it's ever going to happen, so I cba to discuss it as a solution.

    And I really have to say, I hate the belittling of PC ignorant people. Sure it's frustrating, but generally it's not because of stupidity but lack of knowledge, and an anxiety around computers.
    I can relate slightly, my first day working on a till a few years back I got scammed by a couple who confused the hell out of me swapping cash & change around. They made off with roughly $10. I felt stupid at the time, but I wasn't. They had deliberately set out to swindle me, and I wasn't prepared. Most people are aware they shouldn't open .exe or weird attachments, but most people I know who aren't tech savvy are constantly forwarding around links to funny videos/pictures. Very few consider following links to be a big no no.

    Eh, this has turned into a rant, but all I'm saying is, people who get infected with malware, are not always idiots, just ignorant.
  4. What "so much user action"? by khasim · · Score: 1, Interesting

    That's quite the glib statement, considering that worm requires so much user action (or inaction, depending on how you look at it) to infect a Windows box, it's not even funny.

    Here are the steps to infect a Windows box.

    #1. Receive email with link to infection site.
    #2. Click on link to infection site.
    #3. There is no step #3. You're probably infected already.

    Sure, in some circumstances they'll have to download a .exe to actually get infected. If they've maintained their patches. But the people who would be doing that probably wouldn't run an unknown .exe, would they?

    This is EXACTLY the kind of exploit that was brought up back during the Netscape trial where Microsoft claimed it was a good idea to merge the browser with the OS.
  5. Re:They have no idea? by Anonymous Coward · · Score: 5, Interesting

    The guy saying "I have no idea" isn't an employee of Google/Blogger, he's just the guy on the outside saying he doesn't know how.

    I'm on the outside also, but can tell you how. Blogger has a mail2 feature where you can post to an email address that you make up, and keep secret. Like a password. With users who make up easy mail2 addresses (then don't monitor or abandon their blogs), and millions of emails being sent by the Storm BotNet, not hard to figure out how they are getting posted. Eventually the botnet hits them, just like they do with regular email addresses, and they get posted to the blog.

    And also note, the summary is misleading somewhat. The actual files that do the "infection" aren't hosted on Blogger at all. The same thing that is getting sent to people's emails is being posted to blogs that leave their mail2 address open and easy. So you still have to fall for the click here to get infected...

    This has been going on for a while. I first saw it at least 2 months ago. It may be increasing, but not new.