Blog Herald writes about spyware being hosted on Blogspot blogs (Blogspot is the public view of Google’s Blogger). Ben Edelman wrote about this months ago as well.
Yes, we’ve seen this as well. However, I want to make it clear that this does not mean Blogger hosts spyware or that having a blog will create spyware or any other such nonsense. Blogger just hosts a blog, and people can put all kinds of junk on it.
How can you get a spyware from a Blogger site? Just press NextBlog on the navigation bar on a Blogspot blog. NextBlog randomly goes to another blog, and if you’re lucky, you’ll hit one with a spyware payload! Couple of spyware sites we found are http://everiimoment(dot)blogspot(dot)com/ or http://3verlastin9lov3(dot)blogspot(dot)com/ (don’t go there unless you’re in a VMware session).
Note that a recent check of NextBlog (which is actually just a link to the URL www.blogger.com/redirect/next_blog.pyra?navbar=true) didn’t give us any spyware activity on a number of tests. We were seeing it last week but not this week. Go figure.
Here’s what these pages might look like:
However, a lot of what you see when you press Next Blog on Blogger is junk search engine sites, whose whole purpose is to create links that increase search engine results or to get people into a Blogger site and present Google adwords.
Like this:
My suggestion to the Blogger folks is to perhaps have a button on the Navbar panel which says “Report site”. This would be useful for reporting any type of naughty site.
Note that there’s spyware out there, but then there’s mental diarrhea like this site.
There’s no accounting for taste.
Anyway, just be aware and I would caution people from using the NextBlog button.
Update: The venerable Andrew Clover makes a very good point in the comments here.
Alex Eckelberry