Hackers are increasingly exploiting blogs
MALICIOUS hackers are increasingly exploiting blogs as channels to distribute malicious codes and cracking tools, the US-based firm Websense Inc. said. Websense's Security Labs said that this year alone, it has identified hundreds of blogs providing harmful computers codes for download.
Cyber-criminals are now taking advantage of blog sites that allow users to easily publish their own web pages at no cost, the company said.
Apparently, blogs are now attractive vehicles for hackers since they provide large amounts of free storage; do not require identity authentication to post information; and offer hosting facilities that do not provide anti-virus protection for posted files, Websense added.
Some blogs have been discovered to contain malicious code like computer viruses or keylogging software that can infect visitors, it said.
Some hackers have used spam to attract unsuspecting victims to their blogs.
Blogs are now used to store malicious codes that can be accessed by a Trojan horse that hidden in an infected computer, the security company said.
On March 23, 2005, a spoofed email message attempted to redirect users to a malicious blog, which in turn ran a Trojan horse designed to steal banking passwords, according to Websense. In this particular scenario, users receive a message spoofed from a popular messaging service, offering a new version of their instant messaging program.
Upon clicking the link, users were redirected to a blog that hosted a password-stealing keylogger. When predetermined banking websites were accessed, the keylogger (bancos.ju) logged keystrokes and sent them to a third party.
Dan Hubbard, senior director of security and technology research for Websense, Inc., said that social engineering, the use of deception or impersonation to access unauthorized information, is involved in luring victims to blogs containing malicious codes.
Cyber-criminals are now taking advantage of blog sites that allow users to easily publish their own web pages at no cost, the company said.
Apparently, blogs are now attractive vehicles for hackers since they provide large amounts of free storage; do not require identity authentication to post information; and offer hosting facilities that do not provide anti-virus protection for posted files, Websense added.
Some blogs have been discovered to contain malicious code like computer viruses or keylogging software that can infect visitors, it said.
Some hackers have used spam to attract unsuspecting victims to their blogs.
Blogs are now used to store malicious codes that can be accessed by a Trojan horse that hidden in an infected computer, the security company said.
On March 23, 2005, a spoofed email message attempted to redirect users to a malicious blog, which in turn ran a Trojan horse designed to steal banking passwords, according to Websense. In this particular scenario, users receive a message spoofed from a popular messaging service, offering a new version of their instant messaging program.
Upon clicking the link, users were redirected to a blog that hosted a password-stealing keylogger. When predetermined banking websites were accessed, the keylogger (bancos.ju) logged keystrokes and sent them to a third party.
Dan Hubbard, senior director of security and technology research for Websense, Inc., said that social engineering, the use of deception or impersonation to access unauthorized information, is involved in luring victims to blogs containing malicious codes.
0 Comments:
Post a Comment
<< Home