Users looking at a Google-hosted blog for security information could be in for a nasty surprise according to one security expert.
The 'Brittany' blog, which supposedly informs users of secuity risks, is actually trying to entice users to click on an infected link, said Ofer Elzam, director of product management in Aladdin's eSafe division.
To trick readers looking for information related to legitimate security products, the blog has copied content related to security vendors Symantec, Trend Micro and Aladdin Knowledge Systems, said Elzam.
Elzam said this was the first time his company had seen this type of exploit. An Aladdin employee first spotted the exploit when she received a Google alert about Aladdin. But she immediately thought it looked odd.
"This alert was about an award from a few years ago, but someone had changed the quote slightly from 2005 to 2008," Elzam said about the alert. "There were other entries there too, related to Symantec and Trend Micro."
Anyone who clicked on links in the Google email alert, or on the blog with the fake security vendor information, would find themselves re-directed to a porn site and subject to attack code that would attempt to load malware onto their machine.
"This is the first time we've seen something like this," Elzam said. "If you get a message from a Google alert, you might think this is a service you can trust. But it's directing you to a rogue site with fake security software. And it's tricking Google, too."
Google's own statement of use associated with its blog service makes it clear that Google is under no obligation to patrol, noting that the Google blog sites "can carry offensive, harmful, inaccurate or other inappropriate material."
Google states in its usage policy that "Google does not monitor the contents of Blogger.com and Blogspot.com, and takes no responsibility for such content. Instead, Google merely provides access to such content as a service to you."
Aladdin's Elzam wonders if other high-tech companies in the network industry are finding their content purloined and their brands manipulated by malicious blog posts intended to fool users into downloading malware.
Tom Gillis, vice president of marketing at Cisco's IronPort division, said he wasn't aware of anything similar targeting Cisco this way, but does know the practice of bogus blog postings to spread malware is a growing trend in sophisticated attacks.
"They use a blog to get your attention and then drag you to a webite for downloading malware," Gillis said. "We're seeing this all the time now."