Feeds

Government websites invaded by smut and spyware

Redirection ruse used to peddle smut bazaars

Protecting against web application threats using SSL

A slew of government organisations and corporations are unwittingly helping hackers promote porn sites.

Targets as diverse as the Marin County Transportation Authority website in California and the Bank of Ghana have been unwittingly playing host to code that redirects surfers to smut as a result of insecure systems.

The tactic is aimed at increasing the search engine ranking of skin flick sites. The offending content is normally hosted elsewhere. However, some of the dodgy pages on compromised corporate servers attempt to install malware onto the PCs of visitors.

A (safe to view) sample html page featuring in this type of attack can be found here.

Typically, the pornographic redirects are hidden deep within the sites. Pages redirecting to smut sites were located via a Google search in directories normally reserved for staff reports on the Marin County website, for example. The front pages of the attacked sites remain unaltered.

Brookhaven National Labs was discovered to be harbouring redirections to pornographic sites last week. It promptly cleaned up its act.

The initial attack on the Marin County Transportation Authority website prompted a temporary shutdown and cleanup operation on all California government websites on 2 October. Despite this, the site was compromised again late last week.

The site was purged on Monday, although how long it stays that way remains to be seen.

The Bank of Ghana website still harbours redirections to porn site.

Anti-spyware firm Sunbelt Software has being closely monitoring the attacks, chronicling its observations on its security blog.

Alex Eckelberry, president and chief exec of Sunbelt, told El Reg that the porn redirection ruse is a common tactic. "These sites were, or in some cases still are, hosting code that does redirections to pornographic sites. Gangs are doing this to inflate search engine results. It's similar to, but more aggressive than, link comment spam," he added.

It's unclear what vulnerabilities were used to compromise the affected sites. DNS hacks, open admin portal (the suspected cause of the initial Marin County attack), or simply poorly patched systems are all possibilities.

"The hackers have automated bots that look for these vulnerabilities. It's hard to pin the cause down to any one thing but we think the same group was involved in the attacks on both Marin County and the Bank of Ghana, based on the sites that are being promoted," Eckelberry explained.

Small municipal organisations, such as the Marin County Transportation Authority, outsource their websites. Eckelberry says poor security policies by some hosting firms can contribute to the problem.

"These redirection uploads happen all the time. The problem is rife on university sites, for example. What happened to Marin County earlier this month, which led to a state-wide cleanup operation of government sites in California, should act as a wake-up call," he added. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.