Beyond

Today I’m not ad-libbing; but I am trying out the editing potential of WordPress 2.6. The first thing I notice is that I can’t add a paragraph at the top - Well I can, but when I save it the paragraph almost combines with the paragraph underneath. Apologies for the incorrect formatting: [I think I may have cracked it: The next save will tell]  [Oh I give up!]  I’ll use Windows Live Writer in future. Now on with the article:

Security firm Sophos ( http://www.sophos.com ) say that Google’s Blogger service is responsible for a massive two percent of web-hosted malware.

On 18th January this year (2008) Google opened the way for open ID logins to its blogger service in a hope to attract amateur bloggers from Microsoft’s Windows Live Spaces, ( http://home.services.spaces.live.com/  ) among others.

It seems, however, that in addition to attracting any customers from rival blogging services; they have, in common Google tradition, attracted flocks of hackers, malware hosts, etc.

OMG I'm creasing up: I just can't believe I spelled "amateur" a m e t u r e - LMFAO!

According to Sophos, hackers are setting up pages on Google’s free blogging service in order to host malicious code, or to post links to their own or other’s infected websites.

“Blogger accounts for around 2% of malware.” Says Sophos’s senior technology consultant, Graham Cluley. “It’s head and shoulders above the rest.”

This may be partly due to Google’s ownership of blogger; therefore ensuring spidering of content straight into one of the leading search-engines: Hackers have no problem getting their malware out; and any changes made in blogger; for instance insertion of new malware, soon appears on Google’s search.

Sophos appears to be under the impression that Google are actively weeding out hackers, spammers, and the like. My experience of Google’s policy as regards these issues is that they simply ignore the problem; however I may be wrong.

 

Certainly the problem of web-based malware is growing rapidly - With Sophos seeing 16,000 malicious web pages added every day ( Twelve per minute.), and that may well not be all of the total picture.

Says Sophos’s Senior Technology Consultant, Graham Cluley:

“You could post a link into someone’s blog and even if you checked that link at the time, it may be totally harmless. In 20 minutes time the hacker says ‘OK, Google’s now checked me, now I’ll update the page’. So you have to continually scan all of the links on all of the blog pages to do this properly. Which basically is another whole new Google, re-spidering the web to check if there’s something malicious there.”

And Google itself says

“Google takes the security of our users very seriously, and we work hard to protect them from malware.”

“Using Blogger, or any Google product, to serve or host malware is a violation of our product policies. We actively work to detect and remove sites that serve malware from our network.”

Yeah right: Spidering the googleweb for malware is just not a viable proposition for Google; so unless a hacker emails Google and tells them in advance that malware has been planted at x location, then there’s no way to stop it affecting at least one computer before it’s removed. If it infects that computer and spreads across the web then it’s like shutting the stable door after the horse has bolted: The hacker has won regardless of any and all subsequent actions taken by Google and/or anyone else.