Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Security Research

Phishing Sites Hosted On Google Blogpsot

September 15, 2010 - 2 min read

We've previously reported on malware that can be accessed from Google search results and malicious executables hosted on Google Code. Additionally, Google Docs has been used for phishing and spam in the past. Now, Blogspot is being used to phish for Twitter credentials.

Form to enter your Twitter username and password


The blogs use different techniques to get a Twitter username and password from users. For example, they may offer to stream news about Jason Bieber or to help with dating, etc. Most of them claim to be the official Jason Bieber fan store,




Blog claims to be the official Jason Bieber fan store

The form used to gather the Twitter credentials is not actually hosted on blogspot, but rather on urghost.com. It is embedded as an iframe. Ironically, this hosting provider claims to offer a "Full Computer Cleaning Service package"! The credentials are sent to [email protected] using a script hosted on a Yahoo account at us.1.p11.webhosting.yahoo.com.

To reassure potential victims, the form states "WE have made the change to application sharing per Twitter TOS. We do not store User Names/Passwords". Twitter actually forbids transmission of login/password information from third party web applications, opting instead for the more secure OAuth protocol to communicate with Twitter accounts.

Some of the blogs involved are:





  • bloggercpaarmy.blogspot.com

  • twitterinsanityblog.blogspot.com

  • thewrestlingprofessor.blogspot.com 

  • insanitycelebblog.blogspot.com

  • gossip4you2.blogspot.com

  • insanityblog2343.blogspot.com

  • cupcooking.blogspot.com  


I've reported the domains to Google and expect that they will be shut down soon.

-- Julien

Explore more Zscaler blogs

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Read Post
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Read Post
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Read Post
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Read Post
01 / 02
dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.