Posted August 30, 2007 3:38 pm by with 6 comments

Tweet about this on TwitterShare on LinkedInShare on Google+Share on FacebookBuffer this page

The BBC reports today that Google’s free blogging software, Blogger, is under attack from malicious spammers. According to the report, legitimate blogs are being hacked, with fake entries being added.

These fake entries feature links to “booby-trapped downloads that could infect a Windows PC.” The links may be disguised as links to greeting cards or YouTube videos. Infected computers are being mind for “saleable data” or being leveraged to commit further attacks.

“The criminals responsible for this spam campaign are experts at exploiting social engineering to propagate their botnets,” said Bradley Anstis from security firm Marshal.

The spam messages have been changed to capitalise on news events and the viral payload has been updated many times to fool anti-virus programs.

The unsafe links were first noticed on Monday by a researcher for Sunbelt Systems, and have since spread to hundreds of blogs. Google is unsure how the hackers are accessing the blogs, though Alex Eckelberry, the researcher that first noticed the attacks, postulated that they’re either using splogs dedicated to these attacks or using the e-mail to post feature.

The group suspected to be behind this attack has executed a series of attacks throughout this year. The BBC reports that “Some suspect that the group has infected more than one million PCs over the last eight months.”

So if you find yourself on a Blogspot blog over the next few days, think twice before clicking on that link!

(via Techmeme)

  • Do they use their own blogs or got access to fair users blogs?

  • They *may* also be exploiting abandoned blogs. I have a blogger blog–have for some time–and have found throug searching that abandoned blogs are ripe for sploggers. Which leads me to think: if you don’t want to blog anymore, just delete your account. Don’t leave it open for others to prey on!

  • What tish said is basically on the nose. Blogger has been susceptible to spammers for a long time. They really need to get more security measures

  • Another good reason to host your own blog.

    Is there a reason abandoned blogs are more susceptible than active ones? Wouldn’t both still require the same authorization to get in and post?

  • that freaked the shit out of money i switched to a custom domain

  • Another good reason to host your own blog.