Spyware infiltrates blogs | CNET News.com

It was bound to happen. With the growing popularity of blogging, our good friends the scumware vendors continue to find ways to invade our browsers, our computers, and our privacy. If you’re a blog-surfer, pay attention to the recommendations in this article. If you use Blogger or any similar system, push your host to fix their service – the scum will find new ways, but that’s no excuse to not close the doors found open.

From a personal standpoint, I can confirm numerous attempts from random blogs trying to load controls, images, or scripts. Fortunately, I use Firefox, which doesn’t provide the ever-maliciously-used ActiveX, and my security settings don’t allow third-party objects without my express permission.

Hackers are using blogs to infect computers with spyware, exposing serious security flaws in self-publishing tools used by millions of people on the Web.

The problem involves the use of JavaScript and ActiveX, two common methods used to launch programs on a Web page. Security experts said malicious programmers can use JavaScript and ActiveX to automatically deliver spyware from a blog to people who visit the site with a vulnerable Web browser.

Of course, the bottom line seems to be:

Webroot’s Stiennon advises people to http://www.getfirefox.com switch to the Mozilla Foundation’s Firefox Web browser for reading blogs. Either do that, or change IE security settings to deactivate ActiveX or JavaScript in the Web browser, he said.