Skip to main content

Blog Owners Report Mysterious Blogs Added To Their Dashboard Blog List

We are seeing a small but steadily increasing stream of problem reports, in Blogger Help Forum: Something Is Broken, from Blogger blog owners, wondering where these mysterious blogs, being added to their dashboard "My blogs" list, are coming from.
Is anyone else experiencing random blogs being added to their dashboard? I login, and I notice that many blogs have been made - and they're all with names that are just a jumble of letters and numbers, but no posts. All of them lead to the same blog though.


Here's a random list of the names of 7 such blogs, which were recently created in the "blogspot.com" name space. If you wish to examine these blogs, and these have not yet been deleted by the Blogger anti spam processes, I strongly advise that you use a proxy server, or similar isolation technique. Never examine any hacking / spam attack component, unprotected.
yyxfkfgpiy
x24xd2wtu1
4o4fq0rqp9
26djmc3xyh
m9s5tdor2l
h62wo5uthr
bsojvu43gk

Some blog owners are seeing dozens of these mysterious blogs. Adding to the confusion, a couple owners have even thought that their legitimate blogs have been replaced. Fortunately, what is happening is that the legitimate blogs are still there - just not visible in the noise.

When queried for details, many owners report having received, and accepted, an offer involving FaceBook, and the suggestion to "Change your colors". Apparently, if logged in to both Blogger / Google, and FaceBook, this mysterious "FaceBook app" will simply setup quantities of BlogSpot hosted spam blogs, frighteningly reminiscent of blogs created as part of the long ago observed Russian Business Network spam blog farms.

Each blog created has the same initial content - a display, with the offer to "Change your FaceBook colors". The link to accept the offer then leads to a non Google website, which installs the malware, which creates the mysterious spam blogs, in mass quantity. For your examination, here is one example spam blog - which may or may not currently be online, using a proxy server link.
http://anonymouse.org/cgi-bin/anon-www.cgi/http://yyxfkfgpiy.blogspot.com/


We don't yet know what, if anything, is being installed on the computer used in the blogs creation - nor how malicious the virus is, when installed on one's own computer. Our advice is simple - avoid becoming a victim. If you are receiving invitations for this service, it's possible that your FaceBook friends, supposedly sending the invitations, are the current victims. If you ignore the offer, you should be safe.

It's possible, too, that this attack is enabled by the massive attacks of seemingly purposeless spam comments, being published on various blogs.

If you are concerned about this situation, you might want to check all of your blogs for unfamiliar code - then review your current protection, and even consider using Google 2-step verification.

>> Top

Comments

Popular posts from this blog

What's The URL Of My Blog?

We see the plea for help, periodicallyI need the URL of my blog, so I can give it to my friends. Help!Who's buried in Grant's Tomb, after all?No Chuck, be polite.OK, OK. The title of this blog is "The Real Blogger Status", and the title of this post is "What's The URL Of My Blog?".

Leave Comments Here

Like any blogger, I appreciate polite comments, when they are relevant to the blog, and posted to the relevant article in the right blog. If you want to ask me a question thats relevant to blogging, but you can't find the right post to start with (I haven't written about everything blogger related, yet, nor the way things are going I don't expect to either), ask your questions here, or leave an entry in my guestbook.

As noted above, please note my commenting policy. If you post a comment to this post, I will probably treat it as a "Contact Me" post. If you have an issue that's relevant to any technical issue in the blog, please leave a comment on the specific post, not here. This post is for general comments, and for non posted contact to me.

If the form below does not work for you, check your third party cookies setting!

For actual technical issues, note that peer support in Blogger Help Forum: Something Is Broken, or Nitecruzr Dot Net - Blogging is, almos…

What Is "ghs.google.com" vs. "ghs.googlehosted.com"?

With Google Domains registered custom domains becoming more normal, we are seeing one odd attention to detail, expressed as confusion in Blogger Help Forum: Learn More About Blogger.My website uses "ghs.google.com" - am I supposed to use "ghs.googlehosted.com", instead?It's good to be attentive to detail, particularly with custom domain publishing. This is one detail that may not require immediate attention, however.