Blogging sites that fail to check software stored by users could be a breeding ground for hackers storing Trojan software and other malicious code.
Websense, a web monitoring company based in America, says it has discovered hundreds of instances of blogs involved in the storage and delivery of harmful code.
The company says that the problems stem from not requiring any identity authentication to post information.
“These aren't the kind of blog websites that someone would stumble upon and infect their machine accidentally. The success of these attacks relies upon a certain level of social engineering to persuade the individual to click on the link,” said Dan Hubbard, senior director of security and technology research for Websense, Inc. “In addition, the blogs are being utilized as the first step of a multi-layered attack that could also involve a spoofed email, Trojan horse, or a keylogger.”
In some cases, the culprits create a blog on a legitimate host site, post viral code or keylogging software to the page, and attract traffic to the toxic blog by sending a link through spam email or instant messaging (IM) to a large number of recipients. In other cases, the blog can be used as a storage mechanism which keeps malicious code that can be accessed by a Trojan horse that has already been hidden on the user's computer.