
Storm Trojan Hits Blogger

If you use Google’s Blogger site, you’d better be careful, because it’s becoming a very dangerous place. Hackers are posting fake entries to a number of blogs there.

That might not seem too threatening, but the entries contain links that lead to downloads that are booby-trapped to infect a Windows PC.

The malicious links were noticed by security researcher Alex Eckelberry from Sunbelt Software on August 27. Several hundred blogs have been updated with the fake entries.

These entries are the work of the same group that has distributed spam with the same text. They try to persuade people to click on the links, which downloads the malware onto the computer. Some of the links falsely appear to lead to YouTube, while others claim to be looking for testers of software packages or offer digital greeting cards. The messages change to capitalize on news events.

The group behind the Blogger attack seems to be the same one that’s been sending out hundreds of thousands of spam e-mail messages since January of this year, all with links that can lead to infected computers if the user clicks on them.

The first attack was a spam mail that claimed to offer more information about the severe storms seen in Europe in January. This led to the virus used by the gang being dubbed the Storm Trojan.

It would appear to be a massive, co-ordinated effort. At some points, it’s been estimated that between 4% and 6% of all spam e-mail on a given day was Storm Trojan. This, according to speculation, is because the group has managed to hijack so many PCs to add to their total of slaves sending out spam. One estimate is that over a million computers have been infected in the last eight months and made part of a giant botnet.

Eckelberry isn’t sure how the fake entries were posted to Blogger. It’s possible that fake accounts were set up, or that the entries could have exploited a feature whereby users can e-mail entries to their blog. There’s been no comment from Google.

"The criminals responsible for this spam campaign are experts at exploiting social engineering to propagate their botnets," said Bradley Anstis from security firm Marshal.
