[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Thursday, 14 April, 2005, 07:20 GMT 08:20 UK
Bogus blogs snare fresh victims
Diary page, Eyewire
Many web logs are like electronic diaries and are updated daily
Cyber criminals are starting to use fake blogs to snare new victims.

The bogus web journals are being used as traps that infect visitor's machines with keylogging software or viruses.

Filtering firm Websense said it had found hundreds of bogus blogs baited with all kinds of malicious software to snare the unwary.

Websense warned that the baited blogs could get past traditional security measures that try to protect people from malicious programs.

Hidden harm

The company said blogs were being used because they inadvertently offered lots of help to computer criminals.

Blogs are free and simple to use, offer users lots of storage space, can be used anonymously and most do not scan stored files for viruses and other malicious programs.

Websense said it had seen examples of some computer criminals creating a legitimate looking weblog, loading it with keylogging software or viral code, and then sending out the address of it through instant messenger or spam e-mail.

"These aren't the kind of blog websites that someone would stumble upon and infect their machine accidentally," said Dan Hubbard, Websense's research director. "The success of these attacks relies upon a certain level of social engineering to persuade the individual to click on the link."

In separate cases some blogs were being used as storage lockers holding chunks of malicious code that the controller of a network of zombie machines wants those remotely-controlled computers to use.

In late March, Websense found a fake e-mail message that tried to direct people to a blog that was hosting keylogging software.

Now it estimates that there could be more than 200 bogus blogs in existence that are being used to attack net users.

By comparison blog-watching service Technorati estimates that there are more than 8 million blogs in existence.

Anyone visiting the baited blog and falling victim to the keylogger could find that they have bank accounts rifled by the phishing gang behind the bogus website.

Websense warned that viruses hosted on weblogs might be a danger because they get round the filtering systems many firms have created to ensure malicious programs do not reach employees.

Users were urged to keep anti-virus and patches up to date, regularly scan machines with anti-spyware products and exercise caution when reading unsolicited messages sent via e-mail or instant messenger.


RELATED INTERNET LINKS:
The BBC is not responsible for the content of external internet sites


PRODUCTS AND SERVICES

News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific