Blog-Hopper

The grueling week ended well. Homework was done with minimal sleep loss; the presentation was well-received; our project in on track. The tight schedule of the week was somewhat unreal to the extent that even though I know it was Friday (only because I know I went through Monday, Tuesday, Wednesday and Thursday and because all my work had been done), my mind did a doubletake when I realized it was really really Friday and the weekend is here! So I ended the week happy and satisfied. Well, not so happy and satisfied now because I've spent my last 4 waking hours reading from the screen (plus the first typing of this post was lost because I reset my cookies and had to re-sign in to blogger. grr...)

So what have I been reading? First, I went through my daily dose of blog-hopping -- checking blogs of friends for new entries and satisfying my voyeuristic tendencies reading about the life of strangers. If you're like me and have a tendency to blog-hop, you should be aware that there have been cases of spyware spreading through blogs. Once you're at an infected blog, you do not even have to click on anything to get infected. What happened is that blog owners downloads a program that purportedly adds some functionality to their site e.g adding music to site. Unknown to them, the JavaScript code that they put in their blog to obtain that functionality has malicious code planted in it. (CNet News: Spyware Infiltrates Blogs)

Visitors to Blogger's Blogspot.com network have complained that they were exposed to infected sites when they used the "Next Blog" link. [...]

Visitors to Blogger sites at Blogspot.com say they have been targeted with pop-up ads seeking to deliver malicious code to their computers. One ad erroneously warns people that their computers are vulnerable to spyware and prompts them to click the ad to protect themselves. Clicking the ad launches a download that infects a machine with spyware.

At least one Blogger visitor has charged that his computer was hit by an automatic download that did not require him to click on anything to become infected.

[...] [O]ne major culprit of malicious code was a service called iWebtunes.com, which lets people add music to the Web sites in the form of a couple lines of JavaScript code. Bloggers using Blogspot might embed the iWebtunes code into their template and then pass on the spyware unwittingly to visitors to their site.

iWebtunes will likely get a fee each time it spreads the spyware or it might benefit from the sale of advertising. The bloggers, on the other hand, will get nothing.

I've always hated personal sites that come with music. Not only does it inflate the page load time, you are also subjected to the person's brand of music which could get highly annoying (esp when it is on repeat mode) Hopefully this will actually put people off having music on their sites and thus do the world a whole lot of good.

So how do you protect yourself if you like to blog-hop like me? One option is to use Mozilla Firefox instead of IE as your browser. Another is to set the security settings in IE so that it deactivates JavaScript and ActiveX . Another good practice to keep your computer free of malware is to update your antivirus and scan your computer regularly. There are two web-based virus-scans which I highly recommend TrendMicro's House Call and Panda ActiveScan.

With that I wish you all happy blog-hopping.