February 23, 2005 2:46 PM PST
Spyware infiltrates blogs
(continued from previous page)
spyware and prompts them to click the ad to protect themselves. Clicking the ad launches a download that infects a machine with spyware.
At least one Blogger visitor has charged that his computer was hit by an automatic download that did not require him to click on anything to become infected.
The alleged victim, an attorney at Mallory & Tsibouris, has published a cautionary note on the company's Web site: We do "not endorse the use of the 'Next Blog' at the upper right hand corner of this blog."
iWebtunes will likely get a fee each time it spreads the spyware or it might benefit from the sale of advertising. The bloggers, on the other hand, will get nothing.
Attempts to contact iWebtunes were unsuccessful. The company does not publish contact information on its Web site and uses a third party to protect its identity in the Whois database, the public registry of Web site owners. The company provided a phone number in its Whois registration, but the number was busy for several hours on Wednesday morning.
Google is hardly the only one to blame in this scenario. Microsoft has long been criticized for security weaknesses that let code writers take advantage of its Internet Explorer, the most widely used Web browser.
"You could blame users for clicking on the pop-up, blame Microsoft for designing the insecure software installation system, blame iWebtunes for delivering the pop-ups, or you could blame the blog's author for embedding iWebtunes," Edelman said.
3 commentsJoin the conversation! Add your comment