July 23, 2008 2:23 PM PDT

Blogspot.com cited as the No. 1 host for malware

Posted by Robert Vamosi

According to a report out Wednesday, antivirus vendor Sophos says it detects one Web page with malicious content every 5 seconds--a trend that is up 300 percent from 2007.

In its Security Threat Report for the first half of 2008, Sophos says it finds just over 16,000 malicious pages each day, mostly the result of malicious SQL-injection attacks on legitimate Web sites such as the attack on Sony's U.S. PlayStation site in July. Tricks used by criminal hackers include using simple HTML code to place via SQL-injection a 1x1 pixel element (about the size of a pin prick) on an infected page. In loading the page, the Internet browser would then contact a server running exploit scripts and malicious code. But because the sites are legitimate, some security vendors struggle with blocking infected Web pages.

As for illegitimate sites, Sophos notes that Geocities and Blogger both make it easy for anyone to set up a Web site without much identification. Blogger, owned by Google, is particularly problematic, says Sophos, with the blog site alone accounting for nearly 2 percent of all malware hosts. It is not only possible for the Blogger sites to host malicious code, but criminal attackers can also inject links to malicious sites in the comments sections of the blogs.

A spokeperson for Google said "Google takes the security of our users very seriously, and we work hard to protect them from malware. Using Blogger, or any Google product, to serve or host malware is a violation of our product policies. We actively work to detect and remove sites that serve malware from our network."

Topics:

News

Tags:

security,

Sophos,

Geocities,

Blogger,

Google,

Sony,

Playstation,

SQL-injection

Bookmark:
Digg
Del.icio.us
Reddit
Recent posts from News - Security
Microsoft: Expect four bulletins on Patch Tuesday
Protesters decry NASA hacker's extradition
Chrome suffers first security flaw
Microsoft proposes age-limited digital playgrounds
Microsoft slams Google on privacy
Add a Comment (Log in or register) 4 comments
by Penguinisto July 23, 2008 4:44 PM PDT
Err, how hard is it to simply block IFRAME and php tags in the site software? Any competent CMS has that as a setup option nowadays.

Bleah.
Reply to this comment
by mnovickar July 24, 2008 2:56 AM PDT
Simple as that - let's face it.
When something on the web it's free and open to anyone the quality will be low and the risks will be high.
So if you are visiting blogspot and they aren't personal friends, check your sanity!

Science news: http://www.chilipress.com/science.php
Reply to this comment
by JCPayne July 24, 2008 8:50 AM PDT
www. SMS . ac is yet another site to stay away from....
They just renamed themselves as www.fan | box.com I think or something... They tack on all sorts of stuff to your cell phone bill... They push fake avatars that will add you and start sending you fake SMS messages that they bill you for via your cell phone provider... Plus--- they will continually raid your email address book and continue sending themselves to your contacts... BEWARE.
Reply to this comment
by gmbidols August 26, 2008 5:59 AM PDT
Very Nice Blog. I Like Your Blog Please Visit My Website and Give Your Review.

http://www.gmb.in/ http://www.ancientpeaks.com
Reply to this comment
Powered by Jive Software
advertisement

Latest tech news headlines

Resource center from News.com sponsors
Same great protection. Reengineered for speed.
Norton Internet Security™2008

Click Here!
Norton still delivers award-winning protection and now uses 83% less memory and scans 48% faster than the competitor average. Get a FREE trial today!

Click Here!
Norton Beats the Competition

See how Norton Internet Security™2008 uses less memory, while scanning and booting faster than the competitor average.

Norton Protection Blog

Read the latest from our security experts as they help protect people from evolving online threats.

Protect Your Bluetooth Connection

Don't let fraudsters sink their teeth into your Bluetooth connection.

Vishing - What you need to know

Meet the latest ID theft scam: Voice Phishing.

Take Norton for a Test Drive Today!

Act now to get your FREE trial of Norton Internet Security 2008.

About News - Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

News - Security topics

Featured blogs

advertisement

Inside CNET News

Scroll Left Scroll Right

  • Nanotech: The Circuits Blog

    SanDisk stock surges on buyout rumors

    Stock for flash memory maker SanDisk is up on rumors that a buyout by Samsung is in the works.

  • Gallery

    Images: The art of 'Spore' prototypes

    Will Wright and his Maxis team worked on dozens of prototypes to test the elements of their soon-to-be-released evolution game. Here's a sampling.

  • The Open Road

    Analysts as a lagging indicator of success

    Gartner, Forrester, and other analyst firms tend to be great predictors of the past, probably because that's where they get their money.

  • Outside the Lines

    EIC Squared: Chrome, iPods, and a Dell-Salesforce union

    On this week's EIC Squared podcast CNET's Dan Farber and ZDNet's Larry Dignan discuss Google's latest rocket launch--the Chrome browser--as well as Apple's iPod event next week and a Dell-Salesforce.com union.

  • Video

    Katie Couric reflects on first Webcast

    The political conventions are over and so are CBS Evening News anchor Katie Couric's first series of Webcasts. CNET's Kara Tsuboi sat down with Couric on the final night of the Republican National Convention to discuss what she liked about Webcasting, some of her most memorable guests, and whether TV news will still be around by the next round of conventions.

  • News - Wireless

    Start-up launches spectrum marketplace

    A new company called Spectrum Bridge has launched a Web site for buying and selling wireless spectrum licenses.

  • Video

    YouTube plays party politics

    During the presidential campaigning four years ago, YouTube didn't even exist. Now it's a tool candidates must master to get their message across. CNET's Kara Tsuboi stops by the YouTube upload booths at the Democratic and Republican conventions to find out why Google's video site has such a big presence in Denver and St. Paul, Minn.

  • News - Gaming and Culture

    Are Demo and TechCrunch50 fragmenting their audiences?

    With both events scheduled to start Monday, many press, as well as venture capitalists and others are having to choose which one to attend.

  • News - Cutting Edge

    Execs predict next Google-like tech

    On eve of company's 10-year anniversary, researchers and business pundits speculate about what technologies might someday have as much impact as Google.

  • Gallery

    Photos: Future Combat Systems, here and now

    The U.S. Army has ambitious plans for a widespread high-tech refresh of its vehicles and other soldier gear. It's also finding a way to make some parts happen sooner rather than later.

  • Crave

    Leaked specifications of the LG Prada II

    Leaked specifications of the LG Prada II.

  • Green Tech

    Duke Energy to invest in mini solar power plants

    Can hundreds of rooftop solar panels collectively operate like a central power plant? Duke Energy launches $100 million distributed solar program to find out.

News
Latest news
Business tech
Green tech
Wireless
Security
Media
Popular topics
Apple iPhone
Apple iPod
Dell
PlayStation 3
Wii
Windows Vista
CNET sites
CNET TV
Downloads
Forums
News
Reviews
Site map
More information
Newsletters
Corrections
Customer Help Center
RSS
What's new
About CNET