
Two Popup Windows, On A Blog, Is Malware

If there is anything more obnoxious than the FaceBook "Like my blog!" popup window, it's a FaceBook "Like my blog!" window, preceded by a generic popup window.

It's possible that a blog which starts with two popup windows, one followed by a second, represents a blog owner who honestly wants people to enjoy her (his) blog. Even so, a blog that starts out this way is going to present a security analysis challenge, at best.

Seeing the growing popularity of the FaceBook popup (among blog owners, anyway), it's possible that the security scanning processes will, eventually, find a way to bypass the FaceBook code, and continue scanning. This may avoid some spurious malware classifications - if FaceBook developers can find a way to certify a genuine FaceBook popup.

Generic popup windows, on the other hand, need to be dealt with, sternly.

Every IT security consultant, with any experience, has seen the well known advice:

"Your computer may be infected with xxxxxxx malware. Download yyyyyyy remedy to remove xxxxxxx! OK to install?"

That is a generic popup window. In this example, "xxxxxxx" is nonexistent - the install of "yyyyyyy" is merely the first step in installing the "zzzzzzz" botnet member software.

Generic popup windows are suspicious.

Seeing a generic popup window, almost all security scanning processes are going to go into immediate threat detection status. Any blog, hosting a generic popup, should be immediately quarantined - so it can be scanned, through several levels of links, for a malware payload which surely hides somewhere.

A generic popup window, followed by a second popup, is even more suspicious.

Any blog which hosts a generic popup window, followed immediately by a FaceBook "Like my blog!" popup window, must be regarded with even more suspicion. It does not take any amount of paranoia (a mindset normal for all IT security professionals) to imagine a devious malware producer releasing his (her) own bogus FaceBook popup - with a little extra code added.

The generic popup window, preceding a bogus "FaceBook" popup, is then used as a "false flag" device, designed to confuse the security scanning software - so the malware delivered by the bogus FaceBook popup will be ignored.
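A scanner can at least separate a "Like" widget served from Facebook's own hosts from one that only carries the branding. The triage below is an added example, not code from this post or from any real scanner; the hint strings, verdict names and sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts that serve Facebook's own SDK script and Like-button iframe.
FACEBOOK_HOSTS = {"connect.facebook.net", "www.facebook.com"}
# Assumed heuristics (not from the post): Facebook branding and dialog calls.
FB_HINTS = ("facebook", "fb-like")
DIALOG_CALLS = ("alert(", "confirm(", "window.open(")

class PopupTriage(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        self._in_script = tag == "script"
        src = a.get("src") or ""
        if tag in ("script", "iframe") and src:
            host = urlparse(src).hostname or ""
            label = " ".join(filter(None, (src, a.get("id"), a.get("class")))).lower()
            # Branded as Facebook but served from somewhere else.
            if any(h in label for h in FB_HINTS) and host not in FACEBOOK_HOSTS:
                self.findings.append(("facebook-lookalike", src))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.findings += [("dialog-call", c) for c in DIALOG_CALLS if c in data]

def triage(html):
    """Return (verdict, findings) for one blog page's HTML."""
    parser = PopupTriage()
    parser.feed(html)
    parser.close()
    kinds = {kind for kind, _ in parser.findings}
    if {"dialog-call", "facebook-lookalike"} <= kinds:
        return "escalate", parser.findings    # generic popup, then a non-Facebook "Like"
    if "dialog-call" in kinds:
        return "quarantine", parser.findings  # generic popup alone
    return ("review" if kinds else "clean"), parser.findings

# Constructed samples; the .example host is a placeholder.
SUSPECT = ('<script>confirm("Your computer may be infected. OK to install?");</script>'
           '<script id="facebook-jssdk" src="https://connect.facebook.net.cdn.example/sdk.js"></script>')
GENUINE = '<script id="facebook-jssdk" src="https://connect.facebook.net/en_US/sdk.js"></script>'
```

A host check of this kind only shows where the widget script is loaded from; it does not certify what a page does after the genuine script loads.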

The two popup windows, one after the other, may conceal malware installation.

Seeing the growing popularity of the FaceBook popup, surely there are malware vendors out there, planning just that technique, to deliver their product - if not already done.

Any blog owner who adds both popups to her (his) blog needs to expect to receive a locked blog - followed by a locked Blogger account, as a devious / unrepentant malware publisher.
