Navigation



Google’s Blogger Platform Used to Aid Phishing Attacks

Last updated: September 9, 2015 | 5,135 views

Use Netsparker


I’ve known for a while you can buy software for spamming and MFA (Made for Adsense) site generation for a few hundred USD which utilises Google’s Blogger platform (blogspot.com sites).

You will have seen all the splogs as they are called (spam blogs) hosted on Blogger, a lot of them scrape Darknet articles and repost them there with a hope of getting a few hits and some Adsense clicks.

That’s why we limit RSS feeds to only a few hundred characters, so they can’t syndicate our whole content. Anyway that’s beside the point, the point is now people are using Blogger sites for phishing aswell.

Surfing Google’s Blogger Web site is dangerous, warns Fortinet. Several of the blogs on the site have been taken over by miscreants and redirect to phishing Web sites or try to load malicious software onto PCs, the security firm said in an alert Wednesday.

In one example a Blogger blog redirects to what appears to be an online pharmacy, but is in fact a site hosted in China that’s part of a scam to trick people into giving up personal details and financial information, Fortinet said.

In another example, a blog site that appears to belong to a Honda CR450 enthusiast actually tries to install a Trojan horse, Fortinet said. The blog likely was hacked, Fortinet said.

Launching some malware from over there too, seems like people are getting more into online fraud as more and more less savvy users join the Internet masses and are easily conned out of their bank details or Paypal accounts or similar.

“These are not legitimate blogs that were compromised. They appear to be deliberately set up to promote phishing, which is against our terms of service,” a Google representative said in an e-mailed statement. “We are investigating, and blogs found to include malicious code or promote phishing will be deleted.”

Safe surfing tools such as Exploit Prevention Labs’ LinkScanner and McAfee’s SiteAdvisor could help protect against such malicious sites. Additionally, staying up-to-date on security patches, as well as turning off scripting in a Web browser and using common sense and caution help people to stay safe when traversing the Web.

Most of them are made for the purpose of conning people, I guess Google should be pretty strict with these and make sure they are closed down fast.

Source: Cnet

Share
Tweet
+1
Share
0 Shares
Posted in: Phishing, Spammers & Scammers


Latest Posts:


Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
November 29, 2018 - 143 Shares
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
November 23, 2018 - 103 Shares
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
November 14, 2018 - 110 Shares
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
November 2, 2018 - 110 Shares
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
October 29, 2018 - 144 Shares
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
October 20, 2018 - 243 Shares


Comments are closed.