Q

How are companies removing malware from blogs?

What are most companies doing today to protect against malware picked up from blog sites? Not much at all, says information security threat expert John Strand.

This Content Component encountered an error
What are most companies doing today to protect against malware intrusion that may be picked up from blogs on sites like Blogspot? Are companies blocking those sites completely, or are they using tools that stop intrusions? Some here are upset that our company took away access to Blogspot, but I understand the need to protect the company from malware.
Most companies aren't doing anything at all. This usually is the result of an organization wanting an open and fun work environment. Unfortunately, many companies still believe that attacks originate from the outside and target their internal systems. But as we continue to learn with new threat vectors like cross-site request forgery, clickjacking and cross-site scripting, attackers can do well by simply posting malicious content on the Web and waiting for an unsuspecting user to surf to it. The best way to handle attacks originating from blog sites is to block access to them completely.

But remember, blog sites are not the only ones susceptible to these types of threats. Social networking sites like Facebook and MySpace can serve malicious content in the form of advertisements. Even sites like MLB.com have been victims of Flash-based malware. Blog access is ultimately a risk-based decision. If the majority of attacks against your environment originate from blog sites, blocking access is a good first step.

This was first published in February 2009

Dig deeper on Malware, Viruses, Trojans and Spyware

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close