Some traffic to the malicious blogs is being driven by a variant of the Stration mass-mailing worm, according to an advisory on Fortinet website.
One malicious script links to "Pharmacy Express," which advertises low-cost offers for Viagra and Valium but actually lures victims into typing in personal and medical information to be collected by fraudsters.
A script on the page downloads a file to track IP addresses, browser types and versions, according to Fortinet.
The company also disclosed a Blogspot site dedicated to the Honda CR450 automobile, which infects PCs with the Wonka trojan when they click on the blog’s links.
"The site may have been chosen due to its popularity in search engines," according to Fortinet.
Other malicious Blogspot pages were dedicated to Star Wars, school, furniture and Christmas, according to the network security vendor.
A Fortinet representative could not immediately be reached for comment.
Barry Schnitt, Google spokesman, directed requests for comment to a company statement that said the search giant is looking into the reports and responding accordingly.
"These are not legitimate blogs that were compromised. They appear to be deliberately set up to promote phishing, which is against our terms of service," Google said in the statement. "We are investigating and blogs found to include malicious code or promote phishing will be deleted."
Phishing campaigns spotted on Google Blogger.com pages
By Frank Washkuch on Mar 19, 2007 1:18AM