Friday, March 16, 2007

Beware of the Blog

A report today warns that Blogger.com, has been infiltrated by a number of phishing sites.

In some cases, the Stration mass mailer is being used to drive traffic to these fraudulent sites. Beyond the problem of spam and phishing sites, a number of Blogger.com sites have been compromised with malicious code.

Hundreds of other Blogging sites (covering subjects ranging from Star Wars, school, furniture, Christmas, cars, and girlfriends) are also infected, according to net security appliance firm Fortinet, which has published an advisory highlighting its concerns.

Ed: My advice is make sure your AV protection is up-to-date and avoid surfing or downloading Blog sites you don't know that hold "active content"

13 comments:

Anonymous said...

or downloading Blog sites you don't know that hold "active content"

Hi Doc

Can you clarify what is "active content" as opposed to inactive?

Many thanks

DrMoores said...

When the website contains something that needs your PC to execute it.. i.e. music, video, moving pictures "Active" etc etc

tony flaig bignews said...

Well that seems as clear as mud and I for one didn't understand a word whats an advisory?, Av protection active, "execute" my computers a pacifist

DrMoores said...

Well I guess it means that if I chose to hijack your weblog Tony and sell it on to the Bulgarian Mafia, without you noticing any changes but carrying a little bit of active code, it would be "Big News" indeed for Margate! - A little knowledge being a dangerous thing!

DrMoores said...

Well I guess it means that if I chose to hijack your weblog Tony and sell it on to the Bulgarian Mafia, without you noticing any changes but carrying a little bit of active code, it would be "Big News" indeed for Margate! - A little knowledge being a dangerous thing!

Anonymous said...

I am every bit as non-technical as Tony, Dr Moores. Can I assume that if i have anti-virus protection and I just visit without commenting or pressing start of video-clips etc, then I don't catch a cold?

DrMoores said...

The short answer is that "It all depends"!

If your antivirus is up to date (the last 24 hours or so) then you can reasonably expect to be protected from the majority of active threats, so I hope that makes you feel better. However the bad guys are becoming extremely clever in embedding content - free porn sites are a popular example -

Here some stas for you to enjoy from a forthcoming presentation at the ecrime congress:

9% have had their bank details stolen and used by someone else, rising to 21% in London

50% of people who have suffered from online fraud have had all of the money returned by their bank or building society, 37% had received nothing

Users don’t know how to interpret trust cues – It’s easy to copy a web site – including flash animation.

– Users can’t distinguish between a padlock in the status bar versus one outside the status bar.

– Users cannot tell if a reasonable-looking email
or site should actually arouse suspicion.

The year ahead:

Simple attacks will still be used to attack low-security targets

Better browser protection will trigger use of more URLs per attack

Rapid evolution of real-time man-in-the-middle attacks

More creative fusion of social engineering and malware
Efficient distribution of Trojans via zero-day vulnerabilities

Nethercourt said...

Um...yeah....thats what I thought too!
Basically, get a router(built in firewall).
Run a software firewall as well (Zone alarm or similar).
Use anti-virus software.(Avg is free)
Use Adaware (It's also free)
Use Spybot S&D (free)
Use Spywareblaster (free)
Use A-squared (free)
I run all the above successfully without conflicts and what one program don't get, another one will.
Don't visit 'dodgy' sites (you know what I mean and deserve all you get!)
And for real peace of mind don't use internet banking!!!

DrMoores said...

Excellent point on the Router!

tony flaig bignews said...

Well there's nothing for it I'm getting some of those condom things, Bleach and a scrubbing brush that should sort it.

tony flaig bignews said...

I have heard you can't catch anything off toilet seats if its any use

DrMoores said...

PC World does an excellent line of digital condoms for most of the popular makes of PC. Be careful though that you don't split the material when fitting it around the system unit!

sue said...

There is a Windows XP update available to protect you from Malicious software.

http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us

Second on the list.