Whatever attracts users on the Internet also attracts malware. So when blogs (short for Web logs) started becoming really popular around 2003 spammers and hackers discovered new possibilities to spread spam and malware.

Blog spam (or comment spam or spomments) is created by automatically posting random comments or promoting commercial services in the comment section of blogs. Or in guestbooks, wikis, or other publicly accessible online discussion boards. Any Web application that displays hyperlinks submitted by visitors could be a target.

Blogger

The goal of the spammer is to add links across the Web that all point to the spammer’s Web site, thus artificially increasing the site’s search engine ranking and increasing the number of potential visitors and paying customers. This type of spam originally appeared in Internet guestbooks, where spammers repeatedly filled guestbooks with links to their own site and no relevant comment.

Most blog spam falls into one of three categories: comment spam, trackback spam, or a spam blogs (also known as splogs). Comment spam is an unsolicited and mostly unrelated comment on a blog that advertise a product or a Web site. Some of it might be added manually by a person to a particular blog entry, but most comment spam comes from scripts that can add many comments automatically to one post or many posts simultaneously.

With trackback spam spammers develop scripts that use blog software’s trackback features to automatically place spam on different blogs. A spam blog, or splog, is a blog created for no other purpose than to advertise products or point visitors to Web sites. Though ignored by most people, these blogs pollute the results of search engines that index the sites.

Apart from spam, blogs today are increasingly being exploited as a means to distribute malicious code and keylogging software. Blogs are an obvious backdoor opportunity for unknown exploits to invade legitimate sites.

According to a report from April 2007, six percent of the Internet’s blog sites are hosting active malware. 2007 also saw various variants of the botnet-building Trojan horse known as Storm worm using blogs to spread. For example, some variants would insert links to a malicious Web site if an infected user posted a blog.