Tuesday, March 23, 2010

Gadget Based Malware Attack Continues

This week, we note that the hijacking of Blogger blogs, observed earlier this month, involving maliciously coded third party Blogger Gadgets, has resumed.

On a positive note, we see that Blogger has now taken responsibility of the problem.

Thursday, March 18, 2010

Avoid Custom Domain Problems

Having written my somewhat popular guide Troubleshooting Your Custom Domain Problems, I have learned that many problems addressed in the guide can be better solved by being avoided.

So, I'm now writing Setting Up A Custom Domain, as an overview to avoiding what can be avoided.

Thursday, March 11, 2010


Well, Blogger finally did it.

In Draft, today, you'll find the new Blogger templates. 3 column templates, templates that use transparency overlays, 4 column templates, even 3 and 4 columns, with split sidebars. And some very shiny backgrounds.

This will keep all the artistic types busy, for a good while. And there will be less damaged templates, from importing third party code.

From the Draft Blogger dashboard, select "Layout". From the navbar, "Customize". Then, "Template Designer".

So that's the end to boring Blogger templates. What you have now is a combinable inventory of 4 exciting styles, with separately selected layouts (2, 3, and 4 columns, split sidebars, left / right variations), a background library with colour palette, and adjustable column widths. Enough choices to keep many bloggers busy choosing.

Friday, March 5, 2010

Social Engineering Attacks Against Blogger Blogs

This month, we are seeing what appears to be the fourth identified social engineering attack against Blogger blogging, in as many months.

In December 2009, we saw a "blogoholic.info" hijack.

In January 2010, we saw a "smashingfeeds.com" / "searchinvented.com" hijack, most commonly involving a "Tweet This" accessory.

In February 2010, we saw a "sendptp.com" hijack, most commonly involving a "falling snow" / "falling hearts" (for Valentines Day) gadget.

This month, we are seeing a "deplayer.net" hijack, apparently involving various "visit counter" / "countdown timer" and "music accessory" gadgets.

Each month, some reports also mention gadgets identified in previous months, also redirecting to the hijack of the month URL. This makes the observed activity very likely to be part of an organised, persistent attack.

The most recently identified attacks use aggressively protected code, and may require manual de install procedures.

Please, be careful of any non Blogger accessory. If you (your blog) are the victim of any such accessory, and can identify where you got the accessory, or where it was recommended to you, your information could be valuable here.

It appears that some malware may be included in some gadgets installed by the Blogger "Add a Gadget" wizard. If you find removing any Blogger gadgets to provide you any relief, please report your findings in my article Some Hijack Malware Is Being Claimed To Be Blogger Provided. Your details, provided there, would be greatly appreciated.

>> Top