2007.March.14 ~ ", one of the most visited blog sites, now owned by, has been visited by hackers that are posting malicious scripts. The scripts have shown up on hundreds of sites, and in some cases, a possible vector of the Stration mass mailer is responsible for driving traffic to these sites. The malicious code has appeared in many different forms. The first is a “storefront” for Pharmacy Express, which redirects from a (now link. Clearly, the Pharmacy Express site is a phishing site, which is designed to derive personal details and financial information from its visitors. The site is able to bypass a few automated malicious Web analysis tools by inserting “” as a keyword in its HTML search code. Not only this, it uses a basic obfuscation to download a 1x1 pixel image to track the browser information – IP address, browser type and version, etc. While the Pharmacy Express site is hosted in China, the 1x1 pixel image is hosted and registered in the United States..."

(Screenshots available at the URL above.)