When Blogs Attack
BBC NEWS | Technology | Bogus blogs snare fresh victims
: "These aren't the kind of blog websites that someone would stumble upon and infect their machine accidentally,' said Dan Hubbard, Websense's research director. 'The success of these attacks relies upon a certain level of social engineering to persuade the individual to click on the link.'
In separate cases some blogs were being used as storage lockers holding chunks of malicious code that the controller of a network of zombie machines wants those remotely-controlled computers to use.
In late March, Websense found a fake e-mail message that tried to direct people to a blog that was hosting keylogging software.
Now it estimates that there could be more than 200 bogus blogs in existence that are being used to attack net users.
By comparison blog-watching service Technorati estimates that there are more than 8 million blogs in existence.
Anyone visiting the baited blog and falling victim to the keylogger could find that they have bank accounts rifled by the phishing gang behind the bogus website.
Websense warned that viruses hosted on weblogs might be a danger because they get round the filtering systems many firms have created to ensure malicious programs do not reach employees."