February 23, 2005 2:46 PM PST

Spyware infiltrates blogs

Related Stories

Bloggers rally for jailed Iranians

February 22, 2005

Google blogger: 'I was terminated'

February 11, 2005

Google blogger has left the building

February 8, 2005

Windows glitches to get fixes

February 3, 2005

(continued from previous page)

spyware and prompts them to click the ad to protect themselves. Clicking the ad launches a download that infects a machine with spyware.

At least one Blogger visitor has charged that his computer was hit by an automatic download that did not require him to click on anything to become infected.

The alleged victim, an attorney at Mallory & Tsibouris, has published a cautionary note on the company's Web site: We do "not endorse the use of the 'Next Blog' at the upper right hand corner of this blog."

Edelman said that one major culprit of malicious code was a service called iWebtunes.com, which lets people add music to the Web sites in the form of a couple lines of JavaScript code. Bloggers using Blogspot might embed the iWebtunes code into their template and then pass on the spyware unwittingly to visitors to their site.

iWebtunes will likely get a fee each time it spreads the spyware or it might benefit from the sale of advertising. The bloggers, on the other hand, will get nothing.

Attempts to contact iWebtunes were unsuccessful. The company does not publish contact information on its Web site and uses a third party to protect its identity in the Whois database, the public registry of Web site owners. The company provided a phone number in its Whois registration, but the number was busy for several hours on Wednesday morning.

Google is hardly the only one to blame in this scenario. Microsoft has long been criticized for security weaknesses that let code writers take advantage of its Internet Explorer, the most widely used Web browser.

"You could blame users for clicking on the pop-up, blame Microsoft for designing the insecure software installation system, blame iWebtunes for delivering the pop-ups, or you could blame the blog's author for embedding iWebtunes," Edelman said.

Webroot's Stiennon advises people to switch to the Mozilla Foundation's Firefox Web browser for reading blogs. Either do that, or change IE security settings to deactivate ActiveX or JavaScript in the Web browser, he said.

Previous page
Page 1 | 2

3 comments

Join the conversation!
Add your comment
BLOG SPYWARE
yes, I have experienced unwanted spyware and cannot find a program to remove it. The spyware has changed my desktop icons to have a botton arrow attached. I have several good programs to remove hackers but my icons still have an ugly arrow attached. I think this is comming from Earthlink.net
Posted by (1 comment )
Reply Link Flag
remove hackers
<a class="jive-link-external" href="http://www.analogstereo.com/citroen_c4_owners_manual.htm" target="_newWindow">http://www.analogstereo.com/citroen_c4_owners_manual.htm</a>
Posted by Ubber geek (325 comments )
Link Flag
Another way to combat spyware
I discovered another way to protect yourself from spyware. I recently began using STOPzilla and it works, it is well worth the money. The software automatically suppresses adware, spyware applications and more without interrupting your web experience. It is unobtrusive and does everything that I hoped it would do. You can check it out by going to <a class="jive-link-external" href="http://www.stealthsurfer.biz/stopzilla/stopzilla.html" target="_newWindow">http://www.stealthsurfer.biz/stopzilla/stopzilla.html</a>
Posted by iamannenne (1 comment )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.