Blog at your own risk
Blogs are getting popular with hackers too, so be careful whose blog you wander into
Blog authors open up their lives to you on their web logs. But surf to the wrong blog, and you could be opening up your computer to a hacker. A recent report by web security firm Websense warned that hackers are now using blog sites as gateways into computers of surfers who are tricked into clicking on a link to them. These hacker-maintained websites contain malicious codes, such as Trojans or keystroke loggers, that can be secretly installed in the victims' computers. Sensitive information like passwords and credit card numbers can then be swiped from the victims' surfing activities and sent back to the hackers. Websense, which has discovered hundreds of bogus blog sites to date, said that blogs have become an attractive tool for hackers to distribute their harmful codes. Misleading spam Last month, the company discovered a scam where a hacker sent out a deluge of spam to redirect surfers to one of these toxic blogs, which would then run a trojan program on the surfers' computers that was designed to steal banking passwords. 'These aren't the kind of blog websites that someone would stumble upon and infect their machine accidentally. 'The success of these attacks relies upon a certain level of social engineering to persuade the individual to click on the link,' said Mr Dan Hubbard, senior director of security and technology research for Websense. 'In addition, the blogs are being used as the first step of a multi-layered attack that could also involve a spoof e-mail, trojan horse, or a keylogger.' In other cases, victims don't even need to visit the infected blog for their computer to be compromised. Hackers make use of the fake blog as a storage bin for malicious code. This code is then accessed by a surfer's computer that has previously been infected by a trojan by some other means. One reason why blogs are becoming a popular tool for hackers is that most sites that host blogs, such as Blogger.com, are free. This allows hackers to create their own websites. No Protection Many also offer large amounts of free storage for files and don't provide any anti-virus protection against viruses, worms or spyware that may be posted on these sites. Most importantly, there is no need to authenticate your identity when you sign up for an account. This allows hackers free reign of their own website while remaining totally anonymous. How do you protect yourself? The same way you protect yourself from any Internet threat - don't open suspicious attachments in your e-mail, don't click on dubious links that appear in e-mails or your Instant Messaging application and keep your anti-virus software updated.
Reproduced from an article published by The Electric New Paper
© The Electric New Paper
The original article can be viewed here:
http://newpaper.asia1.com.sg/tech/story/0,4136,87224,00.html
Permalink Bookmark Digg this story
