Bogus blogs snare fresh victims
http://news.bbc.co.uk/2/hi/technology/4441333.stm
Excerpt
"... Cyber criminals are starting to use fake blogs to snare new victims.
The bogus web journals are being used as traps that infect visitor's
machines with keylogging software or viruses.
Filtering firm Websense said it had found hundreds of bogus blogs
baited with all kinds of malicious software to snare the unwary.
Websense warned that the baited blogs could get past traditional
security measures that try to protect people from malicious programs.
Hidden harm
The company said blogs were being used because they inadvertently
offered lots of help to computer criminals.
Blogs are free and simple to use, offer users lots of storage space,
can be used anonymously and most do not scan stored files for viruses
and other malicious programs.
Websense said it had seen examples of some computer criminals
creating a legitimate looking weblog, loading it with keylogging
software or viral code, and then sending out the address of it
through instant messenger or spam e-mail.
"These aren't the kind of blog websites that someone would stumble
upon and infect their machine accidentally," said Dan Hubbard,
Websense's research director. "The success of these attacks relies
upon a certain level of social engineering to persuade the individual
to click on the link."
In separate cases some blogs were being used as storage lockers
holding chunks of malicious code that the controller of a network of
zombie machines wants those remotely-controlled computers to use. ..."
RELATED INTERNET LINKS:
Websense
http://ww2.websense.com/
Websense alert on bogus blog message
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=156
Technorati
http://www.technorati.com/
