Attackers lurk on photo sites, firm warns

Quote:
Attackers lurk on photo sites, firm warns
Published: July 25, 2005, 3:49 PM PDT
By Joris Evers
Staff Writer, CNET News.com

Cybercriminals are increasingly using blog sites and other free online services to spread malicious code, Websense has warned. In the first two weeks of July, the security company's labs saw more than 500 incidents of such attacks, Websense said on Monday. The free services are being abused to install software designed to steal personal information or hijack a victim's PC.

"July has seen a major boom--in the first two weeks alone, we found more instances than in May and June combined," Dan Hubbard, the senior director of security and technology research at Websense, said in a statement.

For the year until mid-July, the San Diego company found a total of 2,500 incidents.

The free services are an anonymous and affordable way for attackers to store and spread their malicious code. In April, Websense reported that blogging services were being targeted by cybercriminals. The company is now warning that other services that offer free Web space--for example, photo album sites, fan sites or greeting card sites--are also being exploited.

The attackers typically lure people to the malicious sites by sending enticing e-mails and instant messages. When a victim clicks on a link, the computer becomes infected. In one case, a greeting card was displayed and a tune played in the background while spyware was being installed on the compromised PC, Websense said.

Automatic tools can be used to create some of the malicious Web pages, Websense said. Typically, the fraudulent sites are only online for up to four days, which makes them harder to detect, it added.

http://news.com.com/Attackers+lurk+on+p...ag=cd.lede