Computer Crime Research Center


Hackers use blogs to distribute malcode and keyloggers

Date: April 16, 2005
Source: Websense

Websense® Security Labs™ reports blog websites used as a tool to deliver and support malicious software.

Websense, Inc., the world’s leading provider of employee internet management solutions, today announced that blogs are increasingly being exploited as a means to distribute malicious code and keylogging software. To date in 2005, Websense® Security Labs™ has discovered hundreds of instances of blogs involved in the storage and delivery of harmful code. Websense® software provides a layered security approach against web-based threats, such as corrupted blogs, that complements traditional network security measures, protecting valuable corporate and employee information from being exposed.

Cyber-criminals are now taking advantage of blog sites that allow users to easily publish their own web pages at no cost. Blogs can be attractive vehicles for hackers for several reasons—blogs offer large amounts of free storage, they do not require any identity authentication to post information, and most blog hosting facilities do not provide antivirus protection for posted files.

In some cases, the culprits create a blog on a legitimate host site, post viral code or keylogging software to the page, and attract traffic to the toxic blog by sending a link through spam email or instant messaging (IM) to a large number of recipients. In other cases, the blog can be used as a storage mechanism which keeps malicious code that can be accessed by a Trojan horse that has already been hidden on the user’s computer.

For example, on March 23, 2005, Websense Security Labs issued an alert detailing a spoofed email message that attempted to redirect users to a malicious blog which would run a Trojan horse designed to steal banking passwords. In this situation, the user received a message spoofed from a popular messaging service, offering a new version of their IM program. Upon clicking the link, the user was redirected to a blog page which was hosting a password-stealing keylogger. When predetermined banking websites were accessed, the keylogger (bancos.ju) logged keystrokes and sent them to a third party.