Silicon Investor (SI) -- The First Internet Community

STOCKTALK

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor. We ask that you disable ad blocking while on Silicon Investor in the best interests of our community. If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.

Strategies & Market Trends : The Epic American Credit and Bond Bubble Laboratory -- Ignore unavailable to you. Want to Upgrade?

To: russwinter who wrote (30473)	4/13/2005 9:25:25 AM
From: basserdan	Respond to of 110194

Phishing twist relies on bogus blogs Phishing twist relies on bogus blogs April 12, 2005, 8:27 AM PDT By Dawn Kawamoto Staff Writer, CNET News.com A new form of phishing is taking shape and riding on the growing popularity of blogs, security company Websense said Tuesday. Malicious virus writers are attempting to lure people to malicious blogs using enticing e-mails and instant messages, according to a new report from Websense. Once a person arrives at the blog, which can be posted on a legitimate host site, the victim's computer becomes infected with software designed to steal sensitive information, such as passwords and bank account information. "These aren't the kind of blog Web sites that someone would stumble upon and infect their machine accidentally," Dan Hubbard, Websense senior director of security and technology research, said in a statement. "The success of these attacks relies upon a certain level of social engineering to persuade the individual to click on the link." In the past four months, Websense has detected hundreds of cases where blogs were used to store malicious code and infect users' computers. Malicious virus writers are attracted to blogs not only because the medium's popularity is growing, but also because of the free storage often provided by the host site and the lack of antivirus protection provided for these posted files. Websense said that as of Tuesday, there are 210 active bogus blogs. The company also notes that the average lifespan of one of these blogs is three or four days. In one recent case, Websense found a spoofed e-mail that tried to lure people to a malicious blog that would run a Trojan horse. The e-mail looked like it came from a popular instant-messaging service, and it tried to entice the recipient to click on a link to get a new version of its IM program. But when people clicked on the link, it directed them to a blog that hosted keystroke-logging software to steal their passwords when they accessed certain online banking sites. The use of blogs is just the latest twist on phishing techniques. Other phishing offshoots include cross-site scripting and DNS poisoning. sympatico-msn-ca.com.com.