These fake entries feature links to “booby-trapped downloads that could infect a Windows PC.” The links may be disguised as links to greeting cards or YouTube videos. Infected computers are being mined for “saleable data” or being leveraged to commit further attacks.
“The criminals responsible for this spam campaign are experts at exploiting social engineering to propagate their botnets,” said Bradley Anstis from security firm Marshal.
The spam messages have been changed to capitalise on news events and the viral payload has been updated many times to fool anti-virus programs.
The unsafe links were first noticed on Monday by a researcher for Sunbelt Systems, and have since spread to hundreds of blogs. Google is unsure how the hackers are accessing the blogs, though Alex Eckelberry, the researcher who first noticed the attacks, postulated that they’re either using splogs dedicated to these attacks or using the e-mail-to-post feature.
The group suspected to be behind this attack has executed a series of attacks throughout this year. The BBC reports that “Some suspect that the group has infected more than one million PCs over the last eight months.”
So if you find yourself on a Blogspot blog over the next few days, think twice before clicking on that link!