Tuesday, July 03, 2007

what's happening to security blogs on blogger.com?

over the weekend i received an email (thanks again, luke) alerting me to the fact that the blog for superantispyware (a well known and respected anti-spyware application) had been compromised and was serving up malware... on checking my stats i saw that there were a few clicks on that link in my blogroll over the course of the past month so i was concerned and tried to get details from nick skrepetos, but while waiting for a response i found out via the sunbelt blog that a virtually identical fate has befallen another security related blogger.com blog...

is it just those two? are there more? is it just security blogs being compromised or is it just blogger.com blogs in general that are falling victim to the malware profiteers? it seems an unlikely coincidence that 2 security blogs on blogger.com would be found compromised and serving malware around the same time due to unrelated causes... as a blogger.com user myself and a security blogger, i'd really be interested in further details on how the compromise happened - as i'm sure quite a number of other security bloggers who use blogger.com are...

at any rate, if you've visited either of the 2 blogs in question recently, you might want to give your system a thorough inspection - just to be safe...

2 comments:

Luke said...

I'm not clear about what happened to Winn's blog. I read on http://www.theregister.co.uk/2007/07/04/security_blog_pushes_crudware/ that it is not a security problem, but rather a matter of cybersquatting.

"A spokeswoman for Google, which runs Blogspot, said when the URL was retired, it went back into regular rotation, meaning it was available for the first person to request it. The new owner, evidently, is responsible for the content that warns users they may have malware and invites them to download Malware Alarm.

"This is more a case of 'URL squatting' and not a security issue," the Google spokeswoman said in an email."

But when I read his comments on the sunbelt blog, he seems to think otherwise, that the blog was still his, except that he was neglecting it.

Either way seems different from the SUPERAntiSpyware case, which if Nick is to be believed was an outright hack.

But yeah it seems that the gang behind Malware Alarm seems to be gunning for security related blogs/sites (not a new thing), akin to buying google adwords of ad-aware, spybot etc.

kurt wismer said...

i also read that register article and yes, it does sound like it's contradicting the blog owner...

that said, if the blog owner is correct it actually is the same as (or at least very similar to) what happened to the superantispyware blog, as the superantispyware blog went dark in march and so can realistically be said to have been neglected as well...