Blogspot Virus/ Worm Alert

dl meckes · Post by **dl meckes** » Fri Dec 28, 2007 9:23 am

FYI on all that blog spam from people trying to get you to
visit their Blogspot blogs:

In an attack that showcases what cyber criminals have in
store for Web 2.0 next year, the individual or group
behind the Storm worm is distributing new versions of
the malware with the help of hijacked and newly-created
Google Blogspot blogs.

[ ... ]

Security Fix recently was made aware of another,
unrelated way that criminals are using Blogspot blogs to
redirect traffic toward malicious sites. Clicking on
links anywhere on this Blogspot site -- which appears to
be a strange mock-up of a Bank of America phishing
e-mail - takes you to a nicely-done Bank of America
phishing site that is still active as of this writing.

This particular phishing site uses what's known as a
man-in-the-middle attack, so when you pass your logon
credentials to the phishing site, it will actually log
you in at the real Bank of America Web site while
stealing your credentials.

http://blog.washingtonpost.com/security ... s-col-blog

David Lay · Post by **David Lay** » Fri Dec 28, 2007 10:00 am

Time to start using OpenDNS...

dl meckes · Post by **dl meckes** » Fri Dec 28, 2007 10:24 am

If you are using Blogspot, please disable the feature where you can email your submission for your blog.

Also, you may want to double check or remove links.

It seems that the danger is more to visitors than bloggers, so beware of following links on Blogspot blogs.