Hijacked GOV and EDU Websites Serving Up SPAM

Monday, January 17, 2011

Headlines

69dafe8b58066478aea48f3d0f384820

The websites of some of the country's biggest universities, as well as several government administered sites, have been compromised and are redirecting visitors to SPAM ads.

Sections of the websites contain redirected links to spoofed Google searches for fake online stores peddling everything from software to pharmaceuticals.

Researchers at the security company zScaler discovered the website hijacks:

Recently, a lot of high profile .EDU and .GOV where hijacked to redirect users to fake online stores. Google searches related to buying software ("buy windows 7 key", where to buy microsoft, "purchase microsoft word", "buy microsoft office", etc.) contain a long list of websites running on non-standard ports: www.kidsforkidsfestival.org:8080, en.jurispedia.org:4444, >www.notiuno.com:4577, etc. These links redirect users to online stores which claim to sell software at a discounted price.

The list of hijacked sites include:

  • Harvard (Alexa rank in US: 875, cxc.harvard.edu)
  • MIT (Alexa rank in US: 963, petar.blog.lcs.mit.edu, fig.scripts.mit.edu, hlt.media.mit.edu)
  • Stanford (rank 782, mentalhealth.stanford.edu, yuba.stanford.edu, assu.stanford.edu)
  • Fandango (rank 236, www.summermovies.fandango.com)
There are also governmental sites in the list, from US, China and other countries:
  • openworld.gov
  • paceflorida.gov
  • fpa.tas.gov.au
  • ezhouinvest.gov.cn
  • perak.gov.my
  • misiones.gov.ar
  • etc.

There does not appear to be any particular factor that discerns which websites may be compromised, though most have strong search engine optimization (SEO) and high traffic ranks.

The SPAM operation is somewhat unique in that it uses multiple languages, not just English, and has managed to effectively use the Google algorithms to poison search results.

Source:  http://itknowledgeexchange.techtarget.com/security-bytes/popular-institutional-websites-hijacked/

Possibly Related Articles:
10139
Network->General
Google SPAM malware Government Headlines websites Education Hijack
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked