Bloggers Crippled By Viral Storm
Google's Blogger site is being used by malicious hackers who are posting false entries to some blogs. The entries use weblinks that lead to trapped downloads. Caveat: The download could infect Windows PC through the 'Trojan Storm' virus. Eventually, infected computers are being hijacked by the gang behind the attacks and either mined for saleable data or used for other attacks.
The Blogger attack is the latest in a series by a gang that has managed to hijack hundreds of thousands of PCs, reported BBC News. Security researcher Alex Eckelberry from Sunbelt Software first noticed the booby-trapped links turning up on Blogger on 27 August.
Eckelberry added it was not yet clear how the links were posted to blogs. The bogus entries could have exploited a Blogger feature that lets users e-mail entries to their journal. The blogs themselves could also be fake and set up solely to act as hosts for spam.
Commenting on the attack a Google spokesperson said: "The blog posts are likely from users' whose machines have been compromised by a virus. Among the other recipients of spam e-mails generated by the virus are users' mail2blogger accounts, which allow them to update their blogs via e-mail."
"The criminals responsible for this spam campaign are experts at exploiting social engineering to propagate their botnets," said Bradley Anstis from security firm Marshal. According to the report, the spam messages have been changed to capitalize on news events and the viral payload has been updated many times to fool anti-virus programs.
