Earthlink Cited as Example of ISP Greed

Posted by Kara Reeder Apr 21, 2008 9:21:21 AM

It seems like every time Earthlink makes headlines, it's because something has gone wrong.

Last August, the company announced it was canning half of its staff due to plummeting stock prices. Around the same time, three of Earthlink's municipal Wi-Fi projects derailed, as IT BusinessEdge blogger Carl Weinschenk detailed last August.

Well, the hits just keep on coming for Earthlink. PC World reports that hackers have taken advantage of a vulnerability in Earthlink's servers to launch phishing attacks. Security expert Dan Kaminsky, of security firm IOActive, discovered the bug by attempting a JavaScript attack in Barefruit.

Barefruit is a service Earthlink has used since August 2006 to handle mistyped Web addresses. When working correctly, Barefruit will send the user to a Web page that displays advertising and suggested search terms. But phishers were able to hack into the servers and make malicious Web addresses appear like legitimate sites.

Earthlink isn't the only ISP to use Barefruit, according to this Wired article. Verizon, Time Warner, Comcast and Qwest also use it.

While the hole was immediately patched, Kaminsky says it points to a larger underlying problem: greed. ISPs are so focused on making money that they are ignoring basic Web programming techniques and putting users at risk.

In this Washington Post piece, Earthlink defended its use of Barefruit as a way to enhance users' experience. The company plans to continue to use the service, but says it will monitor the system closely.

Phishing has become a very serious problem of late. CEOs were recently the target of phony subpoena e-mails. But some companies, like PayPal, are taking steps to slow phishers down and encouraging others to join its ranks.
