Thursday, 21 August 2008
Blogs Used to Transmit Malicious Code

The popularity of the weblog, or blog, on the internet has recently been exploited by hackers, making the blog the next in a long line of online elements of which to beware. If you've been following the Black Hat security event, you may have heard about the presentation in which spokespeople from SPI Dynamics discussed the new risk surrounding blog site visitation. In case you missed it, it goes a little something like this:

According to an SPI Dynamics news release, hackers have begun transferring malicious JavaScript code to users' computers via the RSS and Atom feeds through which readers subscribe to popular blogs. The code is designed to run on the subscriber's computer, leaving it open for a hacker to install keyloggers, spyware, and other malware; scan the computer and network for open ports; and exploit vulnerabilities in the computer. Ways in which the code can be transmitted to a user's computer include:

  1. Hackers can piggyback the code within the comments of a public blog.
  2. Links in a web feed could, when clicked, lead to an infected blog.
  3. The author of a web feed may accidentally paste the code into his blog.
  4. The feeds themselves might directly transmit code through user download.

According to Business Week Online, the Pew Internet and American Life Project reports that in September 2005, 27 percent of adult internet users admitted to reading blogs, which translates to a large number of people who could be affected by this new attack. Reading blogs, which can encompass every topic under the sun from international news to knitting to celebrity gossip, may seem like a harmless online pastime, but due to this new transferal technique, they may be more harmful than most hacker attacks. Since the JavaScript commands are code and can act without installing an outside file, the commands are able to bypass most antivirus software. Hence, there really is no way for a user to be sure that the blogs they enjoy aren't infecting their computer.

Since this is such a new threat, there aren't really any widespread solutions for it. The code itself is difficult for browser security settings to recognize as an infection because the feeds themselves are stored as HTML files instead of executable files, and HTML files are not considered a threat by security software. Turning off JavaScript capabilities can block JavaScript code, but it is not a practical solution, since so many websites rely on JavaScript for operation. According to SPI Dynamics spokespeople, JavaScript could be re-encoded, but at this time there exists no software to do this job. Bloggers and blog readers alike are advised to filter their feeds to ensure the absence of malicious JavaScript and scan their computers for existing spyware or malware that may have been deposited by a hacker. In the meantime, switching to a less vulnerable reader may help provide extra protection.

 
