Sorry for the silly question - but if my Blog is hosted at Blogger.com, do =I= have to do something, or is it Blogger's responsibility to defend Bloggers against such attacks? Thx in advance.

mzinzag
"The Pharmacy Express phishers have been very aggressive in distributing the Pharmacy Express URL via mass mailers ( eg. Stration ). The spam message appears to link back to Blogspot.com ( screen shot below ).

""A blogger recognizing the domain may be more tempted to visit the link.""

You have to take an action and click on a fake url in an email to go there it is not something that is in the blogger code itself...

I would reword the title because there is no proof that blogger.com or blogspot.com are compromised, only that malicious code appears in a few websites. Being compromised is a whole different issue yet to be proven, but I won't say I'm shocked when it is.

They could've gotten the bad code just by using a 3rd party FREE template for blogger that contained the exploit, hard to say.

FWIW, just checked my blogspot site and it appears to be clean ;)

Not all sites powered by blogger are hosted on their servers. In some cases, people choose to provide their own web hosting, in which case a good amount of the security/responsbility is placed on the blogger -- and not google.

Not all sites powered by blogger are hosted on their servers

Those sites don't have blogspot.com subdomains and the sites referenced do.

[edited by: incrediBILL at 9:37 pm (utc) on Mar. 15, 2007]

These are not hackers, nor is this malicious code. This is Javascript spam they are on about.

What you (spammers) do is open a blog account. If you can not stuff code into the blog message area itself you go to your preferences and edit the css template area (you stuff your Javascript in there). They use Javascript as Google can not pick it up. They probably use encoded Javascript to stop google from even seeing a domain name.

Then, Google loving blogs and especially their own rank the damn thing high because they can not see the redirect. Surfers get these in the first page of search returns, click the link, Javascript redirects to target site.

Again, that is not hacking. Hacking is where you find a vulnerability in the OS or application itself and exploit that. Blog sites that are dumb enough to allow people to add Javascript to their "blogs" just go to show how much Google has put on suits of anti-spam armour only to leave their own backsides bare.

Oh forgot, after they stuff a blog with a javascripot redirect, they then go and bot poist the blog URL on forums and guestbooks.