Spyware infiltrates blogs

According to a report from CNET News.com,it says Hackers are using blogs to infect computers with spyware, exposing serious security flaws in self-publishing tools used by millions of people on the Web.
"The problem involves the use of JavaScript and ActiveX, two common methods used to launch programs on a Web page. Security experts said malicious programmers can use JavaScript and ActiveX to automatically deliver spyware from a blog to people who visit the site with a vulnerable Web browser",the report says.
The problem only affects Web surfers using Microsoft's Internet Explorer who fail to choose the highest IE browser security settings, security experts said.
Visitors to Blogger's Blogspot.com network have complained that they were exposed to infected sites when they used the "Next Blog" link. The feature was designed to help people discover new journals and takes Web surfers to a random Blogspot site.
"They left the back door wide open," said Ben Edelman, a Harvard University researcher who has documented the vulnerability on his site, referring to Blogger.
A Google representative responded by saying the company is "aware of this issue and we are looking into it."

有报道说,黑客利用部落格和安全上的漏洞来感染成千上万的网络用户。主要是利用JavaScript和ActiveX来自动传播病毒和窃取信息。大多数人并不知道如何设置浏览器的JavaScript和ActiveX。IE浏览器是受害者。
Blogspot.com的用户抱怨他们在使用“"Next Blog"的连接时感染了这种病毒。因为别有用心的人在他们的部落格部下了陷井。
”黑客留下了后门，”Harvard大学的Ben Edelman说道。
一位"Google的发言人说正在就此事进行调查。