February 23, 2005 2:46 PM PST
Spyware infiltrates blogs
Vulnerabilities are plaguing self-publishing Web tools, exposing bloggers to attacks.
Bloggers who use infected tools could unwittingly turn their sites into a delivery platform for spyware, security experts warn.
"It is one more link in the commerce chain of illicit adware," said Richard Stiennon, chief of technology at Webroot Software, a maker of anti-spyware technology.
Spyware has plagued Web surfers and companies in recent years. Creators of malicious code take advantage of security vulnerabilities in e-mail software, Web browsers and desktop applications to spread code used to siphon personal information or litter a PC with advertisements. Now such rogue outfits are using blogs as a tool to increase their number of installations.
The problem only affects Web surfers using Microsoft's Internet Explorer who fail to choose the highest IE browser security settings, security experts said.
The blog vulnerability has cropped up most visibly in Google's Blogger, the most widely used blog-publishing tool. But it could affect other services as well.
Visitors to Blogger's Blogspot.com network have complained that they were exposed to infected sites when they used the "Next Blog" link. The feature was designed to help people discover new journals and takes Web surfers to a random Blogspot site.
"They left the back door wide open," said Ben Edelman, a Harvard University researcher who has documented the vulnerability on his site, referring to Blogger.
A Google representative responded by saying the company is "aware of this issue and we are looking into it."
Visitors to Blogger sites at Blogspot.com say they have been targeted with pop-up ads seeking to deliver malicious code to their computers. One ad erroneously warns people that their computers are vulnerable to
Page 1 | 2
3 commentsJoin the conversation! Add your comment