Slashdot Mirror

← Back to Stories (view on slashdot.org)

Storm Hits Blogger Network

Posted by CowboyNeal on from the ridin'-the-storm-out dept.

ancientribe writes "Researchers have discovered the Storm Trojan nestled in hundreds of blog sites in Google's Blogger network, according to an article in Dark Reading. And this isn't simple comment spam, but actual blogs that post spam, and now, Storm executable files. A researcher who's been tracking the Storm-infested blog sites says he's working with Google to clean up this latest appearance of Storm."

4 of 89 comments (clear)

  1. Passing Fad by Anonymous Coward · · Score: 5, Insightful

    Two articles about 'blogging' in a row. I really hope this isn't what my generation will be known for.

    1. Re:Passing Fad by Opportunist · · Score: 5, Funny

      Relax. You can't be worse off than the Disco generation.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. Sad... by SanityInAnarchy · · Score: 5, Informative

    The sad part is, from what I've seen and heard, this Storm "virus" does need human intervention.

    It doesn't do anything technically new. The only thing new here is the particular brand of social engineering used, and it bothers me that this still works.

    --
    Don't thank God, thank a doctor!
  3. Re:They have no idea? by Anonymous Coward · · Score: 5, Interesting

    The guy saying "I have no idea" isn't an employee of Google/Blogger, he's just the guy on the outside saying he doesn't know how.

    I'm on the outside also, but can tell you how. Blogger has a mail2 feature where you can post to an email address that you make up, and keep secret. Like a password. With users who makeup easy mail2 addresses (then don't monitor or abandon their blogs), and millions of emails being sent by the Storm BotNet, not hard to figure out how they are getting posted. Eventually the botnet hits them, just like they do with regular email addresses, and they get posted to the blog.

    And also note, the summary is misleading somewhat. The actual files that do the "infection" aren't hosted on Blogger at all. The same thing that is getting sent to peoples emails are being posted to blogs that leave their mail2 address open and easy. So you still have to fall for the click here to get infected...

    This has been going on for awhile. I first saw it at least 2 months ago. It may be increasing, but not new.