Sunday, September 02, 2007

Blogging On Hold

Please take the time to read the following article, published 31 Aug 07, on the BBC News website -- Bloggers Battered by Viral Storm. Click here to read the article.

I am concerned enough to suspend my blogging activities here until I have further investigated this issue, particularly since I began receiving spam emails about three weeks ago that perfectly match the criteria stated in this article. How is it that this group has picked up my email address from this blog? I have taken great care to not publicly display my email address here. As a matter of fact, to my knowledge, there is nowhere on my blog that you can click to connect to my email address. This suggests to me that the personal information recorded with Blogger that connects me with my account may have been compromised.

Read the article. Evaluate your own vulnerabilities.

5 comments:

tanabata said...

According to Blogger:

You may have seen stories in the news recently about malware on Blogger, such has this one from the BBC or this one from Committee to Protect Bloggers. Blogger was not compromised. Instead, the blog posts are from bloggers whose machines were compromised by a Trojan horse. These bloggers had their mail2blogger email addresses in their computers' address books (a perfectly legitimate use case), so when the malicious software spammed every address in their address book with its content, a copy of that email was posted to their blog.

We are in the process of notifying impacted bloggers and recommending that they scan their computers and run current anti-virus software, available in the Google Pack. This is also good advice for all computer users, especially those who may have clicked the links in the emails sent by the virus. For more information about computer security, check out upenn.edu and us-cert.gov.

CdnReader said...

Yup. I read this, Tanabata, but it doesn't satisfy me. I don't subscribe to the mail2blogger function, so it doesn't explain how my email address became available to the spammers. And I haven't been infected with the virus, because I haven't had any "rogue" postings. Besides, I'm using a Mac.... so chances of infection are well-nigh impossible.

tanabata said...

I didn't realize you were using a Mac. That is odd then. Perhaps someone who does have your address, their computer was affected?

CdnReader said...

My own personal issue isn't so much about the viruses and malware (although that concerns me too). My computer is absolutely squeaky clean. It's that the group that HAS been posting on blogs with clicks to malware sites has also latched onto MY personal email address. I no longer think that this is just a Blogger problem though, as I've noticed an older address (my ex-biz addy which is still sitting mostly inactive at yahoo) is also receiving the same emails.

In my opinion, Nat, it's all very fishy and nerve-wracking, and I plan on being careful. I'm still seriously considering an email address change. I've worked very hard at keeping my new one spam-free, and I'm irritated to no END that some batch of no-goodniks with nothing better to do has tracked it down. Grrrr..... I may change blog sites as well. I still believe there are holes in Blogger that need plugging. I don't need the headaches, to be honest.

It also makes me concerned about blog-visiting!! These crooks are getting smarter all the time. I have no qualms about clicking on a link in a post on your site, Nat. But as the "social engineering" becomes more and more clever, it will become increasingly more difficult to tell the legit ones from the fake ones.

The whole thing has left me with a rather bad taste in my mouth, and more than a little bit of anxiety about my on-line presence.

tanabata said...

I have to admit I didn't even know anything about this latest thing until I heard about it. I'm careful about what I click on, and never do if I don't know the site and so far (knock on wood) I've been fine. Otherwise I tend not to worry about it too much. Naive maybe but having a live-in IT guy helps. :P
Funnily (well not really but..) my email address that gets the most spam is the one that I ONLY gave to friends and family. They're not too careful about BCCing and forwarding silly things so who knows where it got out. I figure there's not much point changing that address since they'll just do the same thing again. sigh.