Blog Attacks – The Next Generation ™

according to some of my friends on the funsec mailing list, “this” has happened before.

the myspace worm… xanga a couple of weeks ago (see matthew murphy’s post on the subject) and now this…

thousands of blogs around the net started with massive chain linking. they quote “best blonde joke i have ever seen”, among other variations. this is a pretty good self-iq-test, but also a hint of things to come.

so far more than 7000 blogs link to each other, and the sails didn’t even catch wind yet.

as we know in the world of security, once something happens, it will soon be repeated. i fear that we have just now started seeing the emerging trend of malicious uses of blogs. soon i fear many blogs, and the users reading them, will face spyware, bots and much worse by similar methods… and as we have seen, social engineering works here as well (what a shocker), i am not quite sure where the end will be.

gadi evron,

  • noam

    Any more details on how it's spreading? Is it related to WordPress?

  • Matthew Murphy

    Blogs are a place for people to air their opinions. The abuse potential of a blog is directly proportional to the number of people who find that opinion worthwhile to read.

    Blogs have as many risks for readers as normal web sites do, and if a blog is misconfigured (or somesuch) in a way that it is susceptible to script-in-comment or similar attacks, there are obviously more serious issues.

    People just seem to forget that you can’t let your guard down on a blog any more than you can somewhere else on the web.

  • sunshine

    Yep.. but this proves the social engineering effect is so much more effective. Email is.. getting old.

    IM is temporary.. blogs are RSS’d and trusted by readers.

  • Stimp & Co

    My blownde jobke crawler still searching for the source of this dumb joke.
