Topics:
Google
Google Hosts More Malware Than Anyone Else
Blogging services are rife with malware because just about anyone can set up a blog without having to provide positive identification. Sophos, which makes antivirus software, is constantly poking about for malware. Sophos finds a Web page with nasty code 12 times per minute, with 16,000 naughty Web pages discovered each day. Sophos senior technology consultant Graham Cluley said, "Blogger accounts for around 2% of malware. It's head and shoulders above the rest of the blogging services. The attraction for the bad guys in targeting Blogger is that things pretty much get spidered instantly into Google, because Blogger is part of Google." Sophos notes that hackers both set up malicious blogs on Blogger, and inject dangerous Web links and content into innocent blogs in the form of comments. The most-oft used form of attack is the SQL injection, which exploits security vulnerabilities and inserts malicious code into the database running a Web site. Companies whose Web sites have been struck by such an attack often clean up their database, only to be infected again a few hours later. Users who visit the affected Web sites risk having their computer taken over by hackers, and their personal banking information stolen by identity thieves. Google isn't sitting idly by. It is doing its best to parse search results for malicious Web sites and keep them from being linked to. But the search isn't perfect. Sophos said it's a difficult job, at best. Cluley said, "You could post a link into someone's blog and even if you checked that link at the time, it may be totally harmless. In 20 minutes time the hacker says 'OK, Google's now checked me, now I'll update the page'. So you have to continually scan all of the links on all of the blog pages to do this properly. Which basically is another whole new Google, re-spidering the Web to check if there's something malicious there." The good news is that Google, Sophos, and others are doing their best to prevent malware from spreading. « Failed Startup Recounts Its Mistakes | Main | OSCON, Pt. 3.1: MySQL's Day In The Sun » |
| Sign Up Now For InformationWeek News Alerts |
This is a public forum. United Business Media and its affiliates are not responsible for and do not control what is posted herein. United Business Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.
Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of United Business Media LLC and may be edited and republished in print or electronic format as outlined in United Business Media's Terms of Service.
Important Note: This comment area is NOT intended for commercial messages or solicitations of business.
| |||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||
| |
|||||||||||||||||||||||||||||||||||||||||
|
|
|
|
||||||||||||
|
||||||||||||||
|
|
|
|
||||||||||||
| | | ||||||||||||
|
|
|
|
||||||||||||
|
||||||||||||||
|
|
|
|
||||||||||||
| | | ||||||||||||
| | | ||||||||||||
|
Ars Technica
Boing Boing Channel 9 Forums CRN Blogs Dr.Dobb's Portal: Blogs Engadget Gizmodo GrokLaw |
Lifehacker
Schneier on Security Slashdot TechCrunch Techdirt Techmeme Valleywag |
