A Google-hosted blog is running phony security content that's linked to malware, as well as using Google's automated notification service to try to entice subscribers to click on an infected link, says one security expert.
To trick readers looking for information related to legitimate security products, the blog -- which has been spotted working under the name "Brittany" -- has copied content related to security vendors Symantec, Trend Micro and Aladdin Knowledge Systems, says Ofer Elzam, director of product management in Aladdin's eSafe division.
Elzam says this is the first time his company has seen this type of exploit. An Aladdin employee first spotted the exploit when she received a Google e-mail alert about Aladdin. But she immediately thought it looked odd.
"This alert was about an award from a few years ago, but someone had changed the quote slightly from 2005 to 2008," Elzam says about the Google alert e-mail. "There were other entries there too, related to Symantec and Trend Micro."
Anyone who clicked on links in the Google e-mail alert, or on the Google blog site with the fake security vendor information, would find themselves re-directed to a porn site and subject to attack code that would attempt to load malware onto their machine.
"This is the first time we've seen something like this," Elzam says. "If you get a message from a Google alert, you might think this is a service you can trust. But it's directing you to a rogue site with fake security software. And it's tricking Google, too."
Google's own statement of use associated with its blog service makes it clear that Google is under no obligation to patrol, noting that the Google blog sites "can carry offensive, harmful, inaccurate or other inappropriate material."
Google states in its usage policy that "Google does not monitor the contents of Blogger.com and Blogspot.com, and takes no responsibility for such content. Instead, Google merely provides access to such content as a service to you."
Aladdin's Elzam wonders if other high-tech companies in the network industry are finding their content purloined and their brands manipulated by malicious blog posts intended to fool users into downloading malware.
Tom Gillis, vice president of marketing at Cisco's IronPort division, says he isn't aware of anything similar targeting Cisco this way, but does know the practice of bogus blog postings to spread malware is a growing trend in sophisticated attacks.
"They use a blog to get your attention and then drag you to a Web site for downloading malware," Gillis says. "We're seeing this all the time now."