Blogspot.com cited as the No. 1 host for malware

According to a report out Wednesday, antivirus vendor Sophos says it detects one Web page with malicious content every 5 seconds--a trend that is up 300 percent from 2007.

In its Security Threat Report for the first half of 2008, Sophos says it finds just over 16,000 malicious pages each day, mostly the result of malicious SQL-injection attacks on legitimate Web sites such as the attack on Sony's U.S. PlayStation site in July. Tricks used by criminal hackers include using simple HTML code to place via SQL-injection a 1x1 pixel element (about the size of a pin prick) on an infected page. In loading the page, the Internet browser would then contact a server running exploit scripts and malicious code. But because the sites are legitimate, some security vendors struggle with blocking infected Web pages.

As for illegitimate sites, Sophos notes that Geocities and Blogger both make it easy for anyone to set up a Web site without much identification. Blogger, owned by Google, is particularly problematic, says Sophos, with the blog site alone accounting for nearly 2 percent of all malware hosts. It is not only possible for the Blogger sites to host malicious code, but criminal attackers can also inject links to malicious sites in the comments sections of the blogs.

A spokeperson for Google said "Google takes the security of our users very seriously, and we work hard to protect them from malware. Using Blogger, or any Google product, to serve or host malware is a violation of our product policies. We actively work to detect and remove sites that serve malware from our network."

[Penguinisto]

Err, how hard is it to simply block IFRAME and php tags in the site software? Any competent CMS has that as a setup option nowadays.

Bleah.

[mnovickar]

Simple as that - let's face it.
When something on the web it's free and open to anyone the quality will be low and the risks will be high.
So if you are visiting blogspot and they aren't personal friends, check your sanity!

Science news: <a class="jive-link-external" href="http://www.chilipress.com/science.php" target="_newWindow">http://www.chilipress.com/science.php</a>

[JCPayne]

www. SMS . ac is yet another site to stay away from....
They just renamed themselves as www.fan | box.com I think or something... They tack on all sorts of stuff to your cell phone bill... They push fake avatars that will add you and start sending you fake SMS messages that they bill you for via your cell phone provider... Plus--- they will continually raid your email address book and continue sending themselves to your contacts... BEWARE.

[gmbidols]

Very Nice Blog. I Like Your <a href="http://www.marble-murti.blogspot.com/">Blog</a> Please Visit My <a href="http://www.lipsigprice.com">Website</a> and Give Your Review.<br/>
<a href="http://www.gmb.in/">http://www.gmb.in/</a> <a href="http://www.ancientpeaks.com/">http://www.ancientpeaks.com</a> <a href="http://www.marble-murti.blogspot.com/"></a>

[xperya]

Helolo im Jenny Glover.
I using AdwareAlert.com to remove spyware/adware from his computer!


Jenny Glover
--------------------
&lt;a href="http://www.downloademaillist.com/record/jenny_glover_dover_19901_usa_state_de.html" title="Jenny Glover, Dover, Delaware 19901 - SSN, Credit Records, Arrest Records, Court Records, Criminal Records .."&gt;Jenny Glover, Dover, Delaware 19901 - SSN, Credit Records, Arrest Records, Court Records, Criminal Records ..&lt;/a&gt;

[xperya]

Helolo im Jenny Glover.
I using AdwareAlert.com to remove spyware/adware from his computer!


Jenny Glover
--------------------
&lt;a href="http://www.downloademaillist.com/record/jenny_glover_dover_19901_usa_state_de.html" title="Jenny Glover, Dover, Delaware 19901 - SSN, Credit Records, Arrest Records, Court Records, Criminal Records .."&gt;Jenny Glover, Dover, Delaware 19901 - SSN, Credit Records, Arrest Records, Court Records, Criminal Records ..&lt;/a&gt;