Aug 29, 2007

[Security] Worm storms Blogger

Malware authors are really innovative in pushing the envelope.

The Storm worm is one of the recent malware outbreaks. First pushed into the wild on January 17, 2007 via email, it relies on an outright offensive social engineering technique, using current events and tragedies to fool unsuspecting users into installing malware.

The Storm worm has evolved. Rather than attaching malware to the email, a "YouTube link" is spammed instead. Of course, the link points to another address, and instead of a video, malware is downloaded.

This method has a variation, and it targets blogs hosted on Blogger. SunbeltBLOG reports on some Blogspot blog postings that contain either the usual Storm links or "YouTube links". SunbeltBLOG assumes that the mail-to-Blogger feature is being compromised for this tactic.

For one of the compromised sites, I think the blog owner is infected by the Storm worm, and then the worm was able to retrieve the email address used to post entries to Blogger. LiveJournal allows posting via email, but the system requires that a certain password/passcode be embedded in the email (either in the subject or the message body). I think it will be wise for Blogger to adopt a system like this.

Blogger users are advised to turn off this feature in the meantime.
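As an added illustration (not code from Blogger, LiveJournal or the original post), here is a sketch of the gateway-side check such a passcode scheme implies: a message sent to the posting address is published only if it carries the owner's passcode in the subject or body, and the passcode is stripped before publishing. The `[pin:...]` marker, the function names and the sample messages are assumptions made for this example.

```python
import hmac
import re
from email import message_from_string

# Hypothetical marker format: "[pin:SECRET]" in the subject or the body.
PIN_RE = re.compile(r"\[pin:([^\]\s]{1,64})\]", re.IGNORECASE)

def body_text(msg):
    """Return the first text/plain part of the message as a string."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    for part in parts:
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""

def accept_post(raw_email, expected_pin):
    """Return (title, body) with the passcode removed, or None to reject."""
    msg = message_from_string(raw_email)
    subject = msg.get("Subject", "")
    body = body_text(msg)
    candidates = PIN_RE.findall(subject) + PIN_RE.findall(body)
    # Knowing the posting address alone is not enough: a candidate must
    # match the stored passcode (compared in constant time).
    want = expected_pin.encode()
    if not any(hmac.compare_digest(c.encode(), want) for c in candidates):
        return None
    # Strip the passcode so it is never published with the entry.
    return PIN_RE.sub("", subject).strip(), PIN_RE.sub("", body).strip()

# Constructed sample messages (not real traffic).
HEAD = "From: owner@example.com\nTo: secret.addr@blog.example\n"
NO_PIN = HEAD + "Subject: Check this video\n\nhttp://video.example.invalid/\n"
PIN_IN_SUBJECT = HEAD + "Subject: My trip [pin:k3y-42]\n\nWe went hiking.\n"
PIN_IN_BODY = HEAD + "Subject: My trip\n\n[pin:k3y-42]\nWe went hiking.\n"

if __name__ == "__main__":
    for sample in (NO_PIN, PIN_IN_SUBJECT, PIN_IN_BODY):
        print(accept_post(sample, "k3y-42"))
```

With this check, a worm that harvests the posting address from an infected machine's mail history still cannot publish unless it also obtains the passcode.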

PS: Some of the blogs pictured in the SunbeltBLOG posts (and the links in these blogs) are still live at this moment. Be careful and refrain from visiting these sites (OK, you may visit them but don't click on links!).
