- Nokia's new N97 vs. the iPhone
- Talk-powered cell phones?
- FBI: Copper thieves jeopardize U.S. infrastructure
- 10 Microsoft research projects
- Smartphone smackdown: Storm vs. iPhone
A Google-hosted blog is running phony security content that's linked to malware, as well as using Google's automated notification service to try to entice subscribers to click on an infected link, says one security expert.
To trick readers looking for information related to legitimate security products, the blog -- which has been spotted working under the name "Brittany" -- has copied content related to security vendors Symantec, Trend Micro and Aladdin Knowledge Systems, says Ofer Elzam, director of product management in Aladdin's eSafe division.
Elzam says this is the first time his company has seen this type of exploit. An Aladdin employee first spotted the exploit when she received a Google e-mail alert about Aladdin. But she immediately thought it looked odd.
"This alert was about an award from a few years ago, but someone had changed the quote slightly from 2005 to 2008," Elzam says about the Google alert e-mail. "There were other entries there too, related to Symantec and Trend Micro."
Anyone who clicked on links in the Google e-mail alert, or on the Google blog site with the fake security vendor information, would find themselves re-directed to a porn site and subject to attack code that would attempt to load malware onto their machine.
"This is the first time we've seen something like this," Elzam says. "If you get a message from a Google alert, you might think this is a service you can trust. But it's directing you to a rogue site with fake security software. And it's tricking Google, too."
Google's own statement of use associated with its blog service makes it clear that Google is under no obligation to patrol, noting that the Google blog sites "can carry offensive, harmful, inaccurate or other inappropriate material."
Google states in its usage policy that "Google does not monitor the contents of Blogger.com and Blogspot.com, and takes no responsibility for such content. Instead, Google merely provides access to such content as a service to you."
Aladdin's Elzam wonders if other high-tech companies in the network industry are finding their content purloined and their brands manipulated by malicious blog posts intended to fool users into downloading malware.
Tom Gillis, vice president of marketing at Cisco's IronPort division, says he isn't aware of anything similar targeting Cisco this way, but does know the practice of bogus blog postings to spread malware is a growing trend in sophisticated attacks.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment