
Forum Moderators: phranque


Malicious Code Compromises Blogger.com

     
5:39 pm on Mar 15, 2007 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:26249
votes: 999


Blogger.com, one of the most visited blog sites, now owned by Google.com, has been compromised with several malicious scripts. The scripts have shown up on hundreds of Blogger.com sites, and in some cases, a possible vector of the Stration mass mailer is responsible for driving traffic to these sites.

Malicious Code Compromises Blogger.com [fortiguardcenter.com]

6:51 pm on Mar 15, 2007 (gmt 0)

Preferred Member

10+ Year Member

joined:Jan 15, 2004
posts:612
votes: 0


Sorry for the silly question - but if my Blog is hosted at Blogger.com, do =I= have to do something, or is it Blogger's responsibility to defend Bloggers against such attacks? Thx in advance.

7:50 pm on Mar 15, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member bwnbwn is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 25, 2005
posts:3593
votes: 48


mzinzag
"The Pharmacy Express phishers have been very aggressive in distributing the Pharmacy Express URL via mass mailers (e.g. Stration). The spam message appears to link back to Blogspot.com (screen shot below)."

"A blogger recognizing the domain may be more tempted to visit the link."

You have to take an action and click on a fake URL in an email to go there; it is not something that is in the Blogger code itself...

7:51 pm on Mar 15, 2007 (gmt 0)

System Operator from US 

incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14664
votes: 99


I would reword the title because there is no proof that blogger.com or blogspot.com are compromised, only that malicious code appears in a few websites. Being compromised is a whole different issue yet to be proven, but I won't say I'm shocked when it is.

They could've gotten the bad code just by using a 3rd party FREE template for blogger that contained the exploit, hard to say.

FWIW, just checked my blogspot site and it appears to be clean ;)

8:42 pm on Mar 15, 2007 (gmt 0)

Full Member

10+ Year Member

joined:Mar 23, 2005
posts:331
votes: 0


Not all sites powered by Blogger are hosted on their servers. In some cases, people choose to provide their own web hosting, in which case a good amount of the security/responsibility is placed on the blogger -- and not Google.

9:37 pm on Mar 15, 2007 (gmt 0)

System Operator from US 

incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14664
votes: 99


"Not all sites powered by blogger are hosted on their servers"

Those sites don't have blogspot.com subdomains and the sites referenced do.

[edited by: incrediBILL at 9:37 pm (utc) on Mar. 15, 2007]

8:07 am on Mar 16, 2007 (gmt 0)

Preferred Member

10+ Year Member

joined:Nov 20, 2005
posts:451
votes: 0


These are not hackers, nor is this malicious code. This is Javascript spam they are on about.

What you (spammers) do is open a blog account. If you can not stuff code into the blog message area itself, you go to your preferences and edit the CSS template area (you stuff your Javascript in there). They use Javascript as Google can not pick it up. They probably use encoded Javascript to stop Google from even seeing a domain name.

Then Google, loving blogs and especially their own, rank the damn thing high because they can not see the redirect. Surfers get these in the first page of search returns, click the link, Javascript redirects to target site.

Again, that is not hacking. Hacking is where you find a vulnerability in the OS or application itself and exploit that. Blog sites that are dumb enough to allow people to add Javascript to their "blogs" just go to show how much Google has put on suits of anti-spam armour only to leave their own backsides bare.

8:08 am on Mar 16, 2007 (gmt 0)

Preferred Member

10+ Year Member

joined:Nov 20, 2005
posts:451
votes: 0


Oh forgot, after they stuff a blog with a Javascript redirect, they then go and bot post the blog URL on forums and guestbooks.
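
The template abuse described in the 8:07 am post (a JavaScript redirect placed in the blog template, possibly encoded so the destination domain is not visible) can be checked for statically, without running the script. The scanner below is an added example, not part of the original thread or of any Blogger or Google tooling; the function names, the three finding labels and the sample templates are assumptions constructed for illustration, and example.invalid is a placeholder domain.

```javascript
// Added example: static scan of a blog template for script-driven redirects.
// Sample templates are constructed; example.invalid is a placeholder domain.

// Assignment to location (not a comparison) or a location.replace/assign call.
const REDIRECT = /\blocation(?:\.href)?\s*=(?!=)|\blocation\.(?:replace|assign)\s*\(/;
// Runtime decoders that commonly wrap a hidden payload.
const DECODER = /\b(?:eval|unescape|decodeURIComponent|atob|String\.fromCharCode)\s*\(/;

// Return the body of every inline <script> element in the template text.
function scriptBodies(html) {
  const bodies = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) bodies.push(m[1]);
  return bodies;
}

// Undo %XX escapes and String.fromCharCode(...) lists without executing anything.
function reveal(js) {
  return js
    .replace(/%([0-9a-f]{2})/gi, (_, hex) => String.fromCharCode(parseInt(hex, 16)))
    .replace(/String\.fromCharCode\(([\d\s,]+)\)/g, (_, list) =>
      String.fromCharCode(...list.split(",").map(Number)));
}

// Classify each script: visible redirect, redirect found only after decoding,
// or a decoder call that needs manual review.
function scanTemplate(html) {
  const findings = [];
  scriptBodies(html).forEach((body, index) => {
    if (REDIRECT.test(body)) findings.push({ index, kind: "plain-redirect" });
    else if (REDIRECT.test(reveal(body))) findings.push({ index, kind: "encoded-redirect" });
    else if (DECODER.test(body)) findings.push({ index, kind: "decoder-review" });
  });
  return findings;
}

const CLEAN = '<style>body{color:#333}</style><script>var here = location.href;</script>';
const PLAIN = '<script>window.location = "http://example.invalid/";</script>';
const ENCODED = '<script>eval(unescape("%6c%6f%63%61%74%69%6f%6e%3d%27%2f%2f%65%78%61%6d%70%6c%65%2e%69%6e%76%61%6c%69%64%2f%27"))</script>';
const WRITER = '<script>document.write(unescape("%3cb%3ehi%3c/b%3e"))</script>';

for (const [name, tpl] of Object.entries({ CLEAN, PLAIN, ENCODED, WRITER })) {
  console.log(name, JSON.stringify(scanTemplate(tpl)));
}
```

A "decoder-review" finding is not proof of a redirect; it marks a script whose behaviour cannot be judged from the decoded text alone.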