You might be surprised to know that, according to Symantec's 2011 Internet Security Threat Report, the primary sources of web-based malware infections were not the ones we expected. In years gone by we expected to see infections from pornography or piracy sites, but no more. Porn sites have slid down to number ten, making up only 2.4% of the total exploits, while blog sites (like this one) take first place. In figure 16 (page 36) you'll note blogs made up a staggering 19.8% of the exploited sites.
Why the Shift?
There are probably a few reasons why the shift has occurred.
More Opportunities
One of the reasons is perhaps the huge uptake in blogging. Every Tom, Dick and Charles has a blog now. There are more than 200 million blogs worldwide. Even on the highest estimates of the number of porn sites, blogs now easily outnumber them. Hackers get a better return on the effort they spend writing programs to break into websites if there is a broader base to target.
Better Reputation
When a visitor is reading a blog post from a trusted author, they are more likely to let down their guard and click "yes" or "download" when they would otherwise be suspicious. On porn sites, the inflamed passions of the visitors led to similar poor decisions.
Protecting Business
When web customers get viruses on a website it is bad for business. This is true for pornographic sites as well. It appears that porn webmasters are learning from attacks gone by and have made proactive changes to shore up cyber defenses. On the other hand, the risk of losing income for many casual bloggers is not yet an immediate concern.
Poor Patch Management
Blogs are built on content management systems (WordPress, Drupal, Joomla, etc.) that have the same problem all computer programs have: they contain bugs that hackers can exploit (vulnerabilities). This site runs on Drupal 7, and several times a week I receive notifications that there are new updates for Drupal or its contributed modules. I have a good deal of experience dealing with these patches and have a system in place to apply these updates regularly. Most bloggers, especially those running their own sites, don't have the acumen or time to patch these vulnerabilities, leaving holes for hackers to manipulate.
Weak Passwords
Add to this that authentication to these systems is normally unencrypted and password strength is not checked, which makes it easy for a hacker's bot to crack a password in short order. Out of the box, most blogging software allows visitors to create accounts for posting comments. This provides a vector for nefarious visitors to get into the system and then attempt to gain additional (often administrator) privileges.
Easy Hosting Access
Blog hosts offer access to upload files via protocols like FTP, which use only unencrypted passwords as a security mechanism. These are easy to exploit successfully with a brute force attack, which enables a hacker to upload code directly to the server that will carry out his bidding.
Anonymous Comments
Enabling comments from unvetted users provides a way to embed malicious web code or attach infected programs. Thwarting this requires filtering and scanning of posts, which most bloggers aren't familiar with.
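One way to do the filtering described above, as an added example that is not from the original post or from any blogging platform's own code. It keeps only an allow-list of harmless tags, discards every attribute except a validated http(s) link, and re-escapes all text; the tag list and the names `CommentSanitizer`, `safe_href` and `sanitize_comment` are assumptions made for this illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Allow-list for comment markup (an assumption; adjust to what your theme needs).
ALLOWED_TAGS = {"p", "br", "em", "strong", "code", "blockquote", "ul", "ol", "li", "a"}
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "embed"}
SAFE_SCHEMES = {"http", "https"}

def safe_href(value):
    """Return the link target only if it is an absolute http(s) URL."""
    value = (value or "").strip()
    try:
        scheme = urlsplit(value).scheme.lower()
    except ValueError:  # malformed URL
        return None
    return value if scheme in SAFE_SCHEMES else None

class CommentSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside an element dropped with its content

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
        elif self.skip_depth or tag not in ALLOWED_TAGS:
            return  # unknown tag: drop the tag, keep any text inside it
        elif tag == "a":
            href = safe_href(dict(attrs).get("href"))
            # Every attribute is discarded; only a validated href is re-emitted.
            self.out.append('<a href="%s" rel="nofollow noopener">' % escape(href, quote=True)
                            if href else "<a>")
        else:
            self.out.append("<%s>" % tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in ALLOWED_TAGS and tag != "br":
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))  # text is always re-escaped

def sanitize_comment(raw):
    parser = CommentSanitizer()
    parser.feed(raw)
    parser.close()
    return "".join(parser.out)

# Constructed sample comment, not taken from a real site.
SAMPLE = 'Great post! <script>steal()</script><a href="javascript:x()" onclick="y()">more</a>'
```

Run the filter when the comment is saved or rendered, and scan uploaded attachments separately, since this only covers the markup.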
What Do I Do?
If you are a blogger, you are best off using an established blogging service like Blogger. Those sites push out security updates and configuration to their bloggers and can serve as your security staff. Alternatively, you need to work with a managed hosting company that can provide these services for you. Search the internet for "managed hosting for [your content management system]" and check their track record. You should also review how users register on your site and how comments are posted so that your loyal following is protected.
If you are a blog reader, the best thing you can do is use in-browser scanners (like McAfee's SiteAdvisor or AVG LinkScanner) that both check the reputation of the site (to see if it is a known hacked site) and perform antivirus scanning in the browser. In addition, make sure you quickly apply all the patches to your system (for your browser, operating system and browser plugins like Java and Flash). It also wouldn't hurt to be suspicious of every email and hyperlink you see. If it looks stinky, it probably is. I can't count how many computers I've cleaned viruses off of and been told "I thought it looked strange but..."
Wrap Up
Our long-held belief that avoiding the "shady" areas of the Internet will keep our computers safe is less and less true. We need to keep a diligent eye open when visiting our favorite blogs. As blog writers, we need to take purposeful steps to protect our readers from attacks on our sites.