• On The Insider: Bruno Film Edited Due to Jackson's Death
July 23, 2008 2:23 PM PDT

Blogspot.com cited as the No. 1 host for malware

by Robert Vamosi

According to a report out Wednesday, antivirus vendor Sophos says it detects one Web page with malicious content every 5 seconds--a trend that is up 300 percent from 2007.

In its Security Threat Report for the first half of 2008, Sophos says it finds just over 16,000 malicious pages each day, mostly the result of malicious SQL-injection attacks on legitimate Web sites such as the attack on Sony's U.S. PlayStation site in July. Tricks used by criminal hackers include using simple HTML code to place via SQL-injection a 1x1 pixel element (about the size of a pin prick) on an infected page. In loading the page, the Internet browser would then contact a server running exploit scripts and malicious code. But because the sites are legitimate, some security vendors struggle with blocking infected Web pages.

As for illegitimate sites, Sophos notes that Geocities and Blogger both make it easy for anyone to set up a Web site without much identification. Blogger, owned by Google, is particularly problematic, says Sophos, with the blog site alone accounting for nearly 2 percent of all malware hosts. It is not only possible for the Blogger sites to host malicious code, but criminal attackers can also inject links to malicious sites in the comments sections of the blogs.

A spokeperson for Google said "Google takes the security of our users very seriously, and we work hard to protect them from malware. Using Blogger, or any Google product, to serve or host malware is a violation of our product policies. We actively work to detect and remove sites that serve malware from our network."

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
advertisement
Click here!
Recent posts from Security
Symantec's Ramzan on solving the antivirus puzzle
Apple fixing iPhone SMS security hole
Waledac worm targeting July 4 spam offensive
ATM vendor gets security talk pulled from conferences
Postini: Google's take on e-mail security
Botnets lead the way for spam
Stallman warns of Mono 'risk'
China delays rule for Net-screening software
Add a Comment (Log in or register) (8 Comments)
  • prev
  • 1
  • next
by Penguinisto July 23, 2008 4:44 PM PDT
Err, how hard is it to simply block IFRAME and php tags in the site software? Any competent CMS has that as a setup option nowadays.

Bleah.
Reply to this comment
by mnovickar July 24, 2008 2:56 AM PDT
Simple as that - let's face it.
When something on the web it's free and open to anyone the quality will be low and the risks will be high.
So if you are visiting blogspot and they aren't personal friends, check your sanity!

Science news: http://www.chilipress.com/science.php
Reply to this comment
by JCPayne July 24, 2008 8:50 AM PDT
www. SMS . ac is yet another site to stay away from....
They just renamed themselves as www.fan | box.com I think or something... They tack on all sorts of stuff to your cell phone bill... They push fake avatars that will add you and start sending you fake SMS messages that they bill you for via your cell phone provider... Plus--- they will continually raid your email address book and continue sending themselves to your contacts... BEWARE.
Reply to this comment
by gmbidols August 26, 2008 5:59 AM PDT
Very Nice Blog. I Like Your Blog Please Visit My Website and Give Your Review.

http://www.gmb.in/ http://www.ancientpeaks.com
Reply to this comment
by zingo454 September 30, 2008 9:44 AM PDT
I despise this type of behavior they should be procuted to the fullest extent !

<br>Tammy Marten<br><A href="http://ecanceranswers.net">Cancer Symptoms</A>
Reply to this comment
by zingo454 September 30, 2008 9:44 AM PDT
I despise this type of behavior they should be procuted to the fullest extent !

<br>Tammy Marten<br><A href="http://ecanceranswers.net">Cancer Symptoms</A>
Reply to this comment
by xperya October 4, 2008 10:51 AM PDT
Helolo im Jenny Glover.
I using AdwareAlert.com to remove spyware/adware from his computer!


Jenny Glover
--------------------
<a href="http://www.downloademaillist.com/record/jenny_glover_dover_19901_usa_state_de.html" title="Jenny Glover, Dover, Delaware 19901 - SSN, Credit Records, Arrest Records, Court Records, Criminal Records ..">Jenny Glover, Dover, Delaware 19901 - SSN, Credit Records, Arrest Records, Court Records, Criminal Records ..</a>
Reply to this comment
by xperya October 4, 2008 10:52 AM PDT
Helolo im Jenny Glover.
I using AdwareAlert.com to remove spyware/adware from his computer!


Jenny Glover
--------------------
<a href="http://www.downloademaillist.com/record/jenny_glover_dover_19901_usa_state_de.html" title="Jenny Glover, Dover, Delaware 19901 - SSN, Credit Records, Arrest Records, Court Records, Criminal Records ..">Jenny Glover, Dover, Delaware 19901 - SSN, Credit Records, Arrest Records, Court Records, Criminal Records ..</a>
Reply to this comment
(8 Comments)
  • prev
  • 1
  • next
advertisement

Making sense of Windows 7 upgrades

faq The basics and the fine print on Microsoft's options for those eyeing the next operating system from Redmond.
• Full Windows 7 coverage

Road Trip 2009: Big Sky Country

CNET News reporter Daniel Terdiman takes his car full of gadgets to the Rockies and the Great Plains in search of tech, science, nature, and more.
• America's Fortress: Cheyenne Mountain

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right