March 15, 2007 3:07 PM PDT

When phishers attack blog sites

Phishers appear to be planting malicious exploit code on various sites in the hopes that you'll stumble upon them through keyword searches. Yesterday, security vendor Fortinet reported that certain Blogger.com sites appear to be hosting malicious content, and we speculated that the pages had been compromised using cross-site scripting attacks.

Today Google, which owns Blogger.com, said in a statement to CNET that the example sites cited by Fortinet appear to be "deliberately set up to promote phishing, which is against our terms of service."

Indeed, in reviewing the example we visited yesterday, there are numerous red flags. First, the content of the blog is gibberish. Although the page is in English, the visitor counter is in Russian. None of these alone are damning, but casual or even accidental visitors to the blog page could find themselves infected with a remote access Trojan horse. Google said that it is investigating these pages and concluded that "blogs found to include malicious code or promote phishing will be deleted."

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.

Topics:: Content and publishing

Tags:: security,; blogger,; Google

Share:: Digg; Del.icio.us; Reddit; Facebook; Twitter

Inside CNET News

Scroll Left Scroll Right

Software, Interrupted
Flexing the boundaries of flash memory
Flash memory is already a part of our daily computing lives. A breakthrough in flexible material may open many new market opportunities.
Gallery
A real-world test of Google Goggles visual search (photos)
Wireless
AT&T ceases online iPhone sales in NY area
Customers with metropolitan New York ZIP code trying to buy an iPhone on the wireless carrier's Web site are greeted with a message saying no phones are available. Is data congestion or credit card fraud to blame?
Beyond Binary
Visual Studio launch delayed by 'a few weeks'
Microsoft says it's still working to resolve some performance issues related to the Visual Studio 2010 developer tool suite, which was slated for a March release.
Video
Behind the scenes of CBS's NFL coverage
Technically Incorrect
Escaped convict continues to update Facebook
Craig "Lazie" Lynch has been on the run from a U.K. prison since September. However, he continues to taunt police by updating his Facebook status. Now he is threatening to quit.
Video
Deep-sea volcanic explosion--part 2 (video)
The Social
Facebook COO nominated to Disney board
Sheryl Sandberg, who has been chief operating officer of the social network for nearly two years now, will join the board if shareholders approve in March.
The Space Shot
Soyuz craft docks, boosts space station crew
A Russian Soyuz spacecraft docked with the International Space Station Tuesday after a smooth, automated approach, boosting the lab's crew back up to five.
Gallery
Top-rated reviews of the week (photos)
Crave
Reports: Panasonic battery to power homes for one week
Panasonic is planning to market a home-use storage cell that will supposedly hold enough juice to power a typical Japanese home for one week, according to reports.
Green Tech
Ford sees bump in hybrid sales
Carmaker says its hybrid sales are up 67 percent this year, despite an 11 percent slump industrywide.