The company claimed it had found hundreds of blogging sites involved in the storage and distribution of malware. Blogs are particularly attractive to criminals as they offer lots of free storage, have no requirement for authentication and do not check posted files for viruses.
Criminals create a blog on a legitimate host site, post viruses or keylogging software to the page, and attract traffic to the blog by sending a link through spam or instant messaging (IM) to a large number of recipients. In other cases, the blog can be used as a storage mechanism which keeps malicious code that can be accessed by a Trojan horse that has already been hidden on the user's computer.
Websense cited one example where such an attack was mounted. Last month the company issued an alert detailing a spoofed email message that attempted to redirect users to a malicious blog which would run the bancos.ju Trojan horse designed to steal banking passwords.
"These aren't the kind of blog websites that someone would stumble upon and infect their machine accidentally. The success of these attacks relies upon a certain level of social engineering to persuade the individual to click on the link," said Dan Hubbard, senior director of security and technology research at Websense.
"In addition, the blogs are being utilized as the first step of a multi-layered attack that could also involve a spoofed email, Trojan horse, or a keylogger."