Application security

Fortinet spots malware, phishing on Google pages

Hundreds of weblogs on Google's platform are being used in phishing attacks or to disseminate malware, according to research released this week by Fortinet.

Some traffic to the malicious blogs is being driven by a variant of the Stration mass-mailing worm, according to an advisory on Fortinet’s website.

One malicious script links to "Pharmacy Express," which advertises low-cost offers for Viagra and Valium but actually lures victims into typing in personal and medical information to be collected by fraudsters.

A script on the page downloads a file to track IP addresses, browser types and versions, according to Fortinet.

The company also disclosed a Blogspot site dedicated to the Honda CR450 automobile, which infects PCs with the Wonka trojan when they click on the blog’s links.

"The site may have been chosen due to its popularity in search engines," according to Fortinet.

Other malicious Blogspot pages were dedicated to Star Wars, school, furniture and Christmas, according to the Sunnyvale, Calif. network security vendor.

A Fortinet representative could not immediately be reached for comment today.

Barry Schnitt, Google spokesman, directed requests for comment to a company statement that said the search giant is looking into the reports and responding accordingly.

"These are not legitimate blogs that were compromised. They appear to be deliberately set up to promote phishing, which is against our terms of service," Google said in the statement. "We are investigating and blogs found to include malicious code or promote phishing will be deleted."

Click here to email Online Editor Frank Washkuch Jr.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.