Saturday, January 10, 2009

Protect Your Readers - Install Third Party Code, On Your Blog, Selectively

Recently, we've seen a few reports of blogs which contain malware, or links to malware. Unlike the Adult Friend Finder splogs, and similar blogs, the blogs recently identified are generally privately published, and contain genuinely intended material. The owners have added code, provided by third parties, that contain the malicious code or links to other web sites which contain the malicious code.

Inclusion of malware, or links to malware, is simply what I call a Layer 4/5 security malfunction by the blog owners. Bloggers see a shiny feature on somebody's blog (maybe a blog produced by the malware producer, maybe by another victim of the malware), and decide that they want the shininess on their blog too.

Sometimes, but not always, Blogger Support will identify bad stuff.
It seems now that many of the reported URLs have a 'BlogLinker.com' code snippet in them- *please* stay away from this widget in the future; it is completely nefarious.


But we have to take the responsibility, here. Blogger Support can't help your readers repair their computers, after they are infected. If they manage to take your blog offline before it infects the general public, don't expect an email telling you what they found. You're going to have to find out what you did wrong, maybe with no blog to examine.

When you see a shiny feature on another blog or web site, think carefully. Maybe some online web site analysis would be a good idea, to avoid adding code to your web site that might hurt your readers. If you don't check out a shiny item on somebody else's web site, before you install it, somebody else might check it out on your web site after you install it.

Blogger Buzz: Keeping Your Blog Secure points out other possibile problems.
For example, a site counter widget may indeed be providing your blog with helpful tracking data, but at the same time may also be discreetly sending that information to advertisers for the purpose of collecting the online habits of your readers. A blog template you downloaded from a third party site might include pop-up ads or links to dangerous sites that install malware on visitor's computers.


Even code that is not distributed for malicious purpose may harm your blog. You may end up using extraordinary means to remove it, too.

Third party code can be useful, when it's benevolently provided. Make sure that any code that you install on your web site is not harmful or malicious to your computer, and to your readers computers, before you install it.

>> Top

No comments: