Blogging sites harbouring cybercriminals
Published: 26 Jul 2005 09:10 BST
Cybercriminals are increasingly using blog sites and other free online services to spread malicious code, a security firm has warned.
In the first two weeks of July, Websense's labs saw more than 500 incidents of such attacks, it said on Monday. The free services are being abused to install software designed to steal personal information or hijack a victim's PC.
"July has seen a major boom — in the first two weeks alone, we found more instances than in May and June combined," Dan Hubbard, the senior director of security and technology research at Websense, said in a statement.
For the year until mid-July, the company found a total of 2,500 incidents.
The free services are an anonymous and affordable way for attackers to store and spread their malicious code. In April, Websense reported that blogging services were being targeted by cybercriminals. The company is now warning that other services that offer free Web space — for example, photo album sites, fan sites or greeting card sites — are also being exploited.
The attackers typically lure people to the malicious sites by sending enticing emails and instant messages. When a victim clicks on a link, the computer becomes infected. In one case, a greeting card was displayed and a tune played in the background while spyware was being installed on the compromised PC, Websense said.
Automatic tools can be used to create some of the malicious Web pages, Websense said. Typically, the fraudulent sites are only online for up to four days, which makes them harder to detect, it added.
Websense sells software that protects organisations' networks by blocking access to known malicious Web sites. The company scans millions of sites every day for malicious code. It is advising people to be careful when following Web links and to run up-to-date antivirus software for protection.
Did you find this article useful?
100 out of 208 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
