Google's hosting service, Google Pages, is being used by hackers attempting to steal money using a malicious program, according to security vendor Websense.
It warned last week that a Trojan is being hosted on a site with the same IP address as the main Google Pages website.
Trojans present themselves as legitimate programs but actually conceal malicious code. They can be engineered to steal information from computers and are frequently spread by unsolicited emails or via IM (instant messaging) links.
Users are enticed to open attachments or click on web links to launch the Trojan, releasing the malicious code on their computer.
The Trojan appears to have been noticed before its authors have managed to launch an attack, Websense said. The company has not yet detected emails or IM links leading back to the Trojan, which is designed to steal bank details relating to certain financial institutions.
The Trojan, also known as a 'keylogger' for its ability to record keystrokes, is programmed to know when a user visits a bank site, and to then activate the keystroke recording function, said Ross Paul, a senior product manager at Websense.
Criminals often use free hosting services to post dangerous code, Paul said. "Anywhere there is anonymous access to create content is a pretty useful tool for criminals," he said.
The Trojan's file size has been reduced using ASPack, a file compression tool.
Google officials in London did not have an immediate response when contacted this morning.
Google Pages is the hosting complement of Google Page Creator, a free Wysiwyg (what you see is what you get) web page editor that doesn't require HTML (hypertext markup language) knowledge. Google Page Creator offers numerous templates and 100MB of storage for uploaded files and pages.
Within hours of its launch in February the service was taken down as a result of overwhelming demand. It was restored three days later.