Blog Owners Report Mysterious Blogs Added To Their Dashboard Blog List

We are seeing a small but steadily increasing stream of problem reports, in Blogger Help Forum: Something Is Broken, from Blogger blog owners, wondering where these mysterious blogs, being added to their dashboard "My blogs" list, are coming from.
Is anyone else experiencing random blogs being added to their dashboard? I login, and I notice that many blogs have been made - and they're all with names that are just a jumble of letters and numbers, but no posts. All of them lead to the same blog though.


Here's a random list of the names of 7 such blogs, which were recently created in the "blogspot.com" name space. If you wish to examine these blogs, and these have not yet been deleted by the Blogger anti spam processes, I strongly advise that you use a proxy server, or similar isolation technique. Never examine any hacking / spam attack component, unprotected.
yyxfkfgpiy
x24xd2wtu1
4o4fq0rqp9
26djmc3xyh
m9s5tdor2l
h62wo5uthr
bsojvu43gk

Some blog owners are seeing dozens of these mysterious blogs. Adding to the confusion, a couple owners have even thought that their legitimate blogs have been replaced. Fortunately, what is happening is that the legitimate blogs are still there - just not visible in the noise.

When queried for details, many owners report having received, and accepted, an offer involving FaceBook, and the suggestion to "Change your colors". Apparently, if logged in to both Blogger / Google, and FaceBook, this mysterious "FaceBook app" will simply setup quantities of BlogSpot hosted spam blogs, frighteningly reminiscent of blogs created as part of the long ago observed Russian Business Network spam blog farms.

Each blog created has the same initial content - a display, with the offer to "Change your FaceBook colors". The link to accept the offer then leads to a non Google website, which installs the malware, which creates the mysterious spam blogs, in mass quantity. For your examination, here is one example spam blog - which may or may not currently be online, using a proxy server link.
http://anonymouse.org/cgi-bin/anon-www.cgi/http://yyxfkfgpiy.blogspot.com/


We don't yet know what, if anything, is being installed on the computer used in the blogs creation - nor how malicious the virus is, when installed on one's own computer. Our advice is simple - avoid becoming a victim. If you are receiving invitations for this service, it's possible that your FaceBook friends, supposedly sending the invitations, are the current victims. If you ignore the offer, you should be safe.

It's possible, too, that this attack is enabled by the massive attacks of seemingly purposeless spam comments, being published on various blogs.

If you are concerned about this situation, you might want to check all of your blogs for unfamiliar code - then review your current protection, and even consider using Google 2-step verification.

>> Top

Comments