Munir Kotadia
ZDNet Australia
October 04, 2005, 09:35 BST
Blogs started turning toxic in the first half of 2005 as malware authors started using free Web hosting and blogging services to store their malicious files, according to Internet security firm Websense.
According to the Websense Security Trends Report 2005, the first half of this year saw the Web become "by far the fastest growing attack vector", as malware authors started distributing links to malicious files in socially engineered e-mails instead of sending the actual files, which would most likely be blocked by corporate antivirus and spam filters.
"These aren't the kind of Web sites that someone would stumble upon and infect their machine accidentally. The success of these attacks relies upon a certain level of social engineering to persuade the individual to click on the link. In addition, the blogs are being utilised as the first step of a multi-layered attack that could also involve a spoofed e-mail, Trojan horse or keylogger," the report said.
The increasing popularity of sites offering free blogs and Web space means malware authors now have access to an almost unlimited amount of hosting space in which to store their code. Websense claims that the general lack of security provided by these services means they are now regularly used to launch attacks.
"The blog can be used as a storage mechanism, which keeps malicious code that can be accessed by a Trojan horse that has already been hidden on the user's computer? [blogs] do not require any identity authentication to post information, and most blog hosting facilities do not provide antivirus protection for posted files," the report said.
In July, Websense told ZDNet Australia that it had seen an alarming increase in Web sites offering free hosting services being used to store and distribute malware, which indicates that this trend is set to continue being a problem for the foreseeable future. At the time, Dan Hubbard, senior director of security and technology research at Websense, said more malware was found on free hosting services during the first two weeks of July than in May and June combined.