And we see our hero, are running out of the building, slamming the door behind him running across the parking lot and jumping behind any large truck just before the building blows up. Says our hero, “Gee, I guess I just got out in time”.
I can’t help but feel something like that this morning as I read this from Matt Hicks over at EWEEK.COM: [1]
Dozens of blogs hosted by Google Inc.’s Blogger service can install programs that are widely considered to be spyware and adware onto visitors’ computers, warn users and spyware researchers. In many cases, users are discovering the offending sites as they browse among blogs through Blogger’s navigation bar.
The offending blogs typically prompt visitors to accept downloads through misleading pop-up windows, said Ben Edelman, a vocal spyware critic and Harvard University researcher. While a user typically must accept the download before the software installs, the prompts often attempt to trick users by disguising the download as a necessary Windows or Internet Explorer upgrade.
Edelman, who on Tuesday posted the results [2] of his tests, discovered dozens of Blogger-hosted blogs spreading spyware and adware programs such as Elitetoolbar, Crazywinnings and DirectRevenue. For example, security [3] vendors such as Symantec Corp. classify Elitetoolbar, or EliteBar, as adware [4] because it installs an Internet Explorer tool bar, redirects search queries and initiates pop-up ads.
It looks from here like the majority of the affected sites are linked via java to IWEBTUNES.COM, so I’m unconvinced that we can blame Blogger or Google specifically.
Still, because of the amount of black box stuff going on within Blogger… (one of the reasons I took BitsBlog off that service) it’s nearly impossible to tell how much of this stuff Google or Blogger has an actual hand in. Truth to tell, I had a love/hate relationship with that “Next Blog” pop bar, anyway. I got a substantial number of hits off that thing, but I always worried about what was on the other side of it. Turns out my suspicions were correct. not that my current hosting service is without problems, but at least they’re not injecting stuff on my pages.
Now, the suggestion has been made that the whole thing is Google’s fault because they allow JavaScript to be sent in to CSS on each site. of course the problem with removing Java ability within Blogger templates, is there are a number of services, including SiteMeter and Technorati, that use Java. Bitsblog made some fairly heavy use of it while hosted there. If I recall, I had 4 scripts running. So, I can certainly understand the reluctance to remove that ability. That would end crippling the majority of the Blogger hosted sites. Which, in turn, would create a mass exodus. Of course, if this issue isn’t addressed their going to have that, anyway. The question now becomes which is going to create the larger losses for Blogger.
Either way, I’m just as happy I bailed when I did.