It was thought to be outdated, abandoned in a world where teenagers spend more time in front of the television and video console than with a book. But writing is making a triumphant return among young people thanks to the arrival of SMS, emails and, recently, those modern personal journals called "blogs". Some 80,000 new blogs are created and more than 900,000 messages are posted every day, according to Technorati, a website specialising in blogs. Studies show that blogs have quickly found a vast readership: in the United States alone, nearly 50 million Internet users say that they read articles published on blogs.
And yet, in the world of IT security, being successful also means being attacked by viruses and hackers. Blogs are no exception to this rule. Victims of their own success, they are being targeted by spammers, who first tried to pollute existing blogs with a profusion of advertising messages and who are now also creating fake blogs, called splogs (spam + blogs), containing nothing but advertising. Whereas these unwanted blogs represent nothing more serious than a waste of time and energy, other usurper sites such as vlogs (blogs containing malcodes like viruses or Trojans) or even phlogs (which carry out phishing) may have more serious consequences. What do these threats consist of?
Blogs comprise a wide variety of forms from personal journal or travel journal to a chronicle of current events or daily life, even “unofficial” information from a war zone. Thanks to free hosting services and using software designed to automatically create blogs, most of these sites are published by ordinary Internet users, not journalists or IT professionals. Blogger and Type-Pad are among the most well known of these service providers.
Nothing could be easier than creating your own blog. Just register on the site of one of these service providers and, in a few clicks, the blog is created! There’s no need to know HTML: the blogs follow a predefined model that can be customised. Publishing articles is as simple as posting a message on an electronic forum. Readers can also comment on the articles published on most blogs. In the case of sites hosted on the Blogger network, the reader can surf between different blogs by simply clicking on the “next blog” button.
But why are people so fascinated by blogs when they are, after all, very similar to personal web pages? Because blogs are presented in the form of an interactive media with forums or a message board and so are completely different than the limited tools (and often neglected layout) of personal web pages.
Spam continues to pollute inboxes, but for some time now users have had access to special tools to combat it (anti-spyware, among others). By turning their attention to blogs, spammers have picked a vulnerable target. They literally trap the Internet user, who has no reason to visit their site, by making them think that the information they’re looking for is on their page.
Called "splogs", these bogus blogs are created by robots (programs which automatically carry out certain procedures) which copy Internet users’ most-searched-for articles and expressions from other blogs. The robot then adds links from the original site to the spammer’s “mother site”. The aim is to increase the mother site’s visibility on the Internet (page ranking), i.e. to ensure that the site address appears at the top of search engine results, even when Internet users enter a keyword which has nothing to do with the spammer’s line of business.
Known as “spamdexing”, this technique takes advantage of the system search engines use to classify results. Search engines such as Google display their results depending on the number of links towards the site evaluated (links are considered to be an indicator of popularity). The higher the number of sites with a link to the final site, the higher this site will appear in the search engine’s results.
Splogs and abusive page rankings waste Internet users’ time and direct them to web pages which have nothing to do with the words they’re searching for. But the most important problem is that they make accessing information more difficult, saturate the hosting platforms and discredit blogs. Internet users should also take another threat into account: there is no guarantee that these fake blogs, created by unscrupulous authors, don’t contain links contaminated by spywares, Trojans or even viruses. The risk of coming across an infected blog is still minimal, but there have already been reports of emails inviting the reader to click on a link to an infected blog. Internet users should be just as vigilant as they are about emails and all websites in general: don’t click on suspicious links or objects and update your antivirus and other software.
