Warning: Constant ABSPATH already defined in /home/public/wp-config.php on line 27
Trojan Blogs — Why Now?
On-line Opinion Magazine…OK, it's a blog
Random header image... Refresh for more!

Trojan Blogs

by Bryan

This has nothing to do with the Helen and Paris fling [no matter what Victor Davis Hanson may think].

From the Beeb – Bloggers battered by viral storm

Google’s Blogger site is being used by malicious hackers who are posting fake entries to some blogs.

The fake entries contain weblinks that lead to booby-trapped downloads that could infect a Windows PC.

Infected computers are being hijacked by the gang behind the attacks and either mined for saleable data or used for other attacks.

These people are real cyberscum and are responsible for major spamstorms and denial-of-service attacks through their robonets.

6 comments

1 Steve Bates { 08.31.07 at 1:18 am }

Thanks for the heads-up; I’ll post something about it when I’m wider awake tomorrow.

I’ve been thinking about the sheer sophistication of many of the attacks these days. I received an email yesterday that made it through the spam filters. I was almost sure it was spam or worse… almost… so I… no, I didn’t open it; I used a tool available in my webmail to view the source without opening it. It was a multipart/mixed message with a multipart/alternative (the usual text/plain and text/html) as the first part and a GIF file of some sort, referred to from the text/html, as the second part. The alternative texts contained poetry… not bad; it may have been copied from legitimate poetry somewhere, though it was rather chopped up. So the payload must have been in the GIF file. An ad? a faulty GIF designed to infect via a buffer overrun of some sort? I’ll never know, because ultimately I did not attempt to open the mail.

For professional purposes I’ve learned quite a bit about the internals of MIME-structured email. If I, knowing what I know, had difficulty determining if that message was spam, or perhaps something more hazardous, what chance does an ordinary user have? If their a/v software catches it when they open it, that’s great. If not…

I agree with your assessment of these gang members, though I increasingly believe it’s no longer clever script kiddies, but capable adult programmers who intend to use their ‘bot networks for profitable criminal purposes. As you know, I oppose the death penalty, but if anyone could make me change my mind, it’s these people… murder can be committed without premeditation, but hacking is always intentional, and while it may not kill people, it can certainly destroy their lives.

I also worry about politically motivated hacking, and not just of voting machines. But I’ll save that for another day.

2 Bryan { 08.31.07 at 12:09 pm }

They are a significant drag on ‘Net resources and I fully expect extortion to follow at some point, i.e. send us money or your site goes down, similar to the bomb threats against businesses that have been traced back to Portugal.

It’s another form of terrorism.

3 Sunny { 08.31.07 at 4:15 pm }

Thanks for posting this…I had a couple of weird posts that I now attribute to this nonsense…I deleted and I hope, all is now fine.

4 Bryan { 08.31.07 at 4:57 pm }

I’ve been seeing this in comment spam recently, but my filters have been catching it.

5 Badtux { 08.31.07 at 9:11 pm }

One of these guys posted to my site. I of course turned off Javascript, Java, and popups in Safari, followed the link to see where it went and found that it would load a .exe file. Which of course is useless on a Mac. The interesting thing is that the .exe file was hosted on *another* compromised machine, i.e., it’s a viral thing.

Anyhow after I figured out the exploit I deleted the message off my blog, of course. So it goes. I’ll probably turn off anonymous posting this weekend while I’m away.

— Badtux the Spammed Penguin

6 Bryan { 09.01.07 at 12:03 am }

They are a scourge who should be hunted down and forced to use Vista.