Google’s Blogger Platform Used to Aid Phishing Attacks


I’ve known for a while you can buy software for spamming and MFA (Made for Adsense) site generation for a few hundred USD which utilises Google’s Blogger platform (blogspot.com sites).

You will have seen all the splogs as they are called (spam blogs) hosted on Blogger, a lot of them scrape Darknet articles and repost them there with a hope of getting a few hits and some Adsense clicks.

That’s why we limit RSS feeds to only a few hundred characters, so they can’t syndicate our whole content. Anyway that’s beside the point, the point is now people are using Blogger sites for phishing aswell.

Surfing Google’s Blogger Web site is dangerous, warns Fortinet. Several of the blogs on the site have been taken over by miscreants and redirect to phishing Web sites or try to load malicious software onto PCs, the security firm said in an alert Wednesday.

In one example a Blogger blog redirects to what appears to be an online pharmacy, but is in fact a site hosted in China that’s part of a scam to trick people into giving up personal details and financial information, Fortinet said.

In another example, a blog site that appears to belong to a Honda CR450 enthusiast actually tries to install a Trojan horse, Fortinet said. The blog likely was hacked, Fortinet said.

Launching some malware from over there too, seems like people are getting more into online fraud as more and more less savvy users join the Internet masses and are easily conned out of their bank details or Paypal accounts or similar.

“These are not legitimate blogs that were compromised. They appear to be deliberately set up to promote phishing, which is against our terms of service,” a Google representative said in an e-mailed statement. “We are investigating, and blogs found to include malicious code or promote phishing will be deleted.”

Safe surfing tools such as Exploit Prevention Labs’ LinkScanner and McAfee’s SiteAdvisor could help protect against such malicious sites. Additionally, staying up-to-date on security patches, as well as turning off scripting in a Web browser and using common sense and caution help people to stay safe when traversing the Web.

Most of them are made for the purpose of conning people, I guess Google should be pretty strict with these and make sure they are closed down fast.

Source: Cnet

Posted in: Phishing, Spammers & Scammers


Latest Posts:


ZigDiggity - ZigBee Hacking Toolkit ZigDiggity – ZigBee Hacking Toolkit
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.
RandIP - Network Mapper To Find Servers RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
Nipe - Make Tor Default Gateway For Network Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network.
Mosca - Manual Static Analysis Tool To Find Bugs Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command.
Slurp - Amazon AWS S3 Bucket Enumerator Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally.
US Government Cyber Security Still Inadequate US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.


Comments are closed.