Blogger Security Threat
Obviously we didn’t click as the link was unsolicited and actually to a web server identified only by an IP address. We just deleted the emails as we do with the hundreds of other spam emails we get through each day.
However it is becoming apparent that the emails are part of a spam campaign that now affects Blogger blogs too. The hackers seem to be able to use the email posting facility on Blogger to insert dubious content on blogs. Visitors following links in this content are taken to a site which attempts to load one or more (Windows) exploits in an attempt to hijack the PC and turn it into part of the criminal’s Botnet.
Blogger has yet to give an analysis of the threat or what to do about it.
Please ensure you do the following
- Check your PC is fully up-to-date with all Windows patches.
- Make sure you have up-to-date anti-virus software.
- Delete all spam mail immediately and never click on links in email unless you know the sender is trustworthy, no matter how much you are tempted to view a promised funny/interesting YouTube video.
And just to be on the safe side, if you don’t need “post by email”, turn it off for now. It’s only speculation that this is the infection route but it’s best to leave as few “doors” open as possible when there are security threats about.
As the exact attack vector is still unclear you would also do well to change your password, let’s face it changing your password from time to time is good practice anyway.
Lots of information can be found here http://news.bbc.co.uk/1/hi/technology/6970368.stm.
Absolutely sod all information can be found here http://www.blogger.com nice one Blogger!