After a few days of communicating with the people at wordpress.com about links that are showing up (pointing to viagra sites) I found a new link today, pointing to a domain that is trying to install a virus.
The domain used to trigger people to install it is hosted at a subdir of secure-19926.tld (the extention has been changed). This page holds an iframe pointing to a domain called http://tds.narrativepatterns.tld/ (extention changed). There you will see a so called explorer window stating you are having problems with mallware and offer you a download (exe file).
As stated before this proves to me that the code for showing the clicks, or the code it is calling, is the real problem, not the spamming itself. If, like stated on the wordpress fora, it was fixed we would not see these kinds of sites.
As for the plugin itself. I am not sure what the exact plugin is showing these stats. There are several of them available for download. Maybe the wordpress.com team can give more details about it.
If you are hosting your blog on wordpress.com then it might be a good idea to at least disable this plugin. In that case you visitors will not be bothered with them. Also think about hiding links to simular articles beneath your blogarticles.
Update: The exe file offered at that site is not being detected as a virus. Maybe it needs to be installed first. Have no idea how to do that :-)
The malware or virus that is offered at these sites is called Suspicious:W32/Malware!Online (or other simular names, depending on the anti virus seller).
Currently only the following vendors support protection:
This does not mean that it will not be cleaned by others soon. It’s a rather new thingy.