Beware Of Fake Blogger.com Blogs

A security vendor, Fortinet, has discovered fake Blogger.com blogs which contain script-iniated malware or redirect the visitor to phishing sites. Google (the owner of Blogger.com) has verified this and stated to CNET, "These are not legitimate blogs that were compromised. They appear to be deliberately set up to promote phishing, which is against our terms of service. We are investigating, and blogs found to include malicious code or promote phishing will be deleted." Fortinet asserts that it's impossible for visitors to detect the danger from these hundreds of fake blogs, which look like legitimate blogs dedicated to a large range of interests, including Star Wars, auto hobbyists, school, furniture, Christmas, and girlfriends.

How can you avoid being taken for a ride when visiting Blogger.com blogs? You can turn off JavaScripts in your Web browser. If you're using Internet Explorer, this is "all or nothing" in that all Web sites visited will either be denied or allowed to run JavaScripts. Since most Web sites these days can't function without JavaScripts, your Web surfing will be decidedly boring or even unworkable until you manually turn on JavaScripts temporarily for Web sites you deem safe. And then you have to remember to turn JavaScripts off again when leaving the safe Web site.

I found that a better way to handle this is to use the free, award-winning Firefox Web browser and NoScript add-in, which denies all scripting (including JavaScript and any other executable script) until you manually allow scripting for each domain or allow scripting globally (which is not recommended). This can be per domain, so if you're visiting a Web site that uses scripts from multiple domains, you can pick and choose which ones, if any, to allow. If you don't already have Firefox installed, you can download it from the Firefox (with Google Toolbar) button in the sidebar on the right of this blog, or you can download it directly from Mozilla.com (without Google's Toolbar).