The "Storm" botnet has apparently invaded blogging; a number of blogs are being set up as hosts for the virus files and traps to try to get them onto machines.|
This Storm infection is not simple comment spam, where spammers post their junk messages and malware as blog comments. "These are blogs that post spam," says Alex Eckelberry, CEO of Sunbelt Software, who has been studying the posts. He says he hasn't seen any legitimate blogs bites being hacked and sprinkled with Storm, but he's still researching the trend. My guess: they cracked Google's captcha.
Eckelberry, who first discovered Storm executable files on several blogger sites this week, says Storm is showing up on blogs that use the mail-2-blogger feature, where bloggers can post via email. Google does have a CAPTCHA defense in place to prevent this kind of infection, requiring some bloggers to manually enter their code in order to post their blogs.
"But these guys are somehow flying under the radar," Eckelberry says. "I have no idea how they are doing this."