Illegal pharmaceutical ads infiltrate gov, edu sites (again)
Princeton punts penis enlargement
Hundreds of thousands of webpages belonging to businesses, government agencies, and schools have been infiltrated by scammers pushing Viagra, Tadalafil, and other drugs. The towns of Birmingham and Horwich in the UK and Princeton University in the US are among those who have been hacked.
Yahoo searches here, here, and here show the success these scammers are enjoying in plastering their ads all over the net. In all, Yahoo catalogs more than 1.5 million such pages, although not all of those appear on sites that have been commandeered.
The compromised sites, which also include Wakefield Parish Council and Purdue University, join the growing ranks of legitimate organizations to be manipulated to do the bidding of net criminals. Security researcher Don Jackson of SecureWorks said it was hard to pinpoint a common vulnerability in the compromised sites he examined. So-called SQL injections, a leading cause of many website hijackings, did not appear to be at play here.
"I don't see any kind of pattern to the app behind the sites," he said. "That makes me think the tool is brute forcing FTP passwords."
The infection isn't exactly new. Reg reader Ron Wallis stumbled on an infected page being hosted on the Birmingham Council website three weeks ago and even went through the hassle of trying to notify someone responsible. Alas, he never got a response. ®