[ISN] Google's blog software hijacked by scammers

From: InfoSec News (alerts@private)
Date: Sun Mar 18 2007 - 21:33:35 PST


http://www.techworld.com/security/news/index.cfm?newsID=8291

By John E. Dunn
Techworld
16 March 2007

Google's blogger.com is being hijacked to spread malware through fake 
blogs, a security vendor has warned.

According to Fortinet, Genuine-looking blogs on topics as wide-ranging 
as Star Wars, school, furniture, Christmas, cars and girlfriends are now 
being created to host a variety of script-initiated malware. It would be 
impossible for visitors to spot the danger of these sites, which now 
number in the hundreds, the company said. Although they look genuine, it 
appears that all the sites have been specially crafted to fool visitors.

Fortinet gives examples of the sites, including one for a supposed fan 
of the Honda CR450 motor car, which attempts to infect visitors with the 
Wonka Trojan. In another, the fake blog redirects visitors to a store 
front purporting to be Pharmacy Express, a phishing site that has turned 
up in many spam emails distributed by the Stration worm.

"These are not legitimate blogs that were compromised. They appear to be 
deliberately set up to promote phishing, which is against our terms of 
service. We are investigating, and blogs found to include malicious code 
or promote phishing will be deleted," Google said in a statement to 
CNET.

The fake blog scam is another example of social networking sites the 
Internets big growth area being exploited for gain. In recent times, 
MySpace and YouTube have all been used to host or redirect to malware. 
Last October, MySpace was used as the lure for phishing, while earlier 
in the year its users were infected with adware from the site.

In November, it was the turn of another Google company, YouTube, to to 
play host attempted redirect scams, this time using fake porn videos as 
the bait.


_________________________________________
Visit the InfoSec News Security Bookstore
http://www.shopinfosecnews.org



This archive was generated by hypermail 2.1.3 : Sun Mar 18 2007 - 21:45:16 PST