Google Blogger "hosts 2% of world's malware"

23 Jul 2008

Security firm claims Google's blogging service is a prime target for malware writers

Google's Blogger service is responsible for 2% of the world's malware hosted on the web, according to a new report from security firm Sophos.

The security firm claims hackers are setting up pages on the free blogging service to host malicious code, or simply posting links to infected websites in other bloggers' comments.

"Blogger accounts for around 2% of malware," according to Sophos's senior technology consultant, Graham Cluley. "It's head and shoulders above the rest [of the blogging services]."

Cluley says Blogger is worse than other blogging services because of its close ties with the search behemoth. "The attraction for the bad guys in targeting Blogger is that things pretty much get spidered instantly into Google, because it [Blogger] is part of Google," he says.

Sophos says it doesn't blame Google for the situation and that the company is proactive in weeding out malicious sites from its search results. It also claims pre-scanning blogs for malicious content simply wouldn't work. "The sheer weight of legitimate traffic makes that unworkable," claims Cluley. "We see 16,000 malicious web pages added every day - that's one every five seconds, and that's just little old Sophos. Google may see more than that."

"You could post a link into someone's blog and even if you checked that link at the time, it may be totally harmless. In 20 minutes time the hacker says 'OK, Google's now checked me, now I'll update the page'. So you have to continually scan all of the links on all of the blog pages to do this properly. Which basically is another whole new Google, re-spidering the web to check if there's something malicious there."

Google says its users mustn't be evil. "Google takes the security of our users very seriously, and we work hard to protect them from malware," a company statement reads. "Using Blogger, or any Google product, to serve or host malware is a violation of our product policies. We actively work to detect and remove sites that serve malware from our network."