Hackers Use Blogs To Spread Virus Worms, Trojans And Keyloggers

Blogs are becoming a popular hacker target, said a security and content filtering firm Wednesday, blogs increasingly are being used as a safe haven by hackers for storing and distributing malicious code, including identity-stealing keyloggers.

"We're seeing that more and more of the locations where malicious code is stored is on blog sites," said Dan Hubbard, the senior director of security and technology research for San Diego-based Websense. So far this year, Hubbard said, his lab has discovered hundreds of blogs involved in the storage and delivery of harmful code.

In particular, keyloggers, trojan, malware and other spyware writers are turning to blogs -- and away from traditional hosting and/or e-mail services -- because they offer large amounts of free storage space, they don't require any identity authentication to post, and most blog hosting services don't scan posted files for viruses, worms, or spyware.

While end-users can do little beyond keep safe and smart practices in mind -- however, Hubbard said, there is plenty blog software makers and hosting services could do.

"They need to add some type of security on top," he urged. "Anti-virus is a good start. And limit the type of files that can be uploaded, by, for example, restricting executables (.exe)."