4 months later, education sites remain hacked

Servers direct users to phony online stores

Several education websites are among those that continue to host links to fake online stores, despite the hacks being noticed months ago.

Julien Sobrier, senior security researcher for of Zscaler, reported the ongoing problem in a recent blog post, updating a situation he first reported in January

Although many of the sites were cleaned up after his original report, Sobrier said he recently found 68 hijacked domains, mostly college and government-related sites, including sites run by the University of California at Berkeley, and Harvard, Purdue and Oklahoma State universities, he writes. The government sites currently involved appear to be those of foreign governments, such as Australia, although in January the list included some apparent U.S. state government sites.

Most of the sites have had pages added to the hacked server on port 80, although some are still hosted on alternate Web servers on standard ports, he added.

The hacked sites redirect visitors to phony stores that claim to provide discounted downloadable software from companies such as Microsoft, Adobe and Apple and visually remain the same as the stores found in January, said Sobrier.

Compounding the problem is that Google and Bing searches continue to show hijacked sites at the top of search results.

“A Google search for ‘buy windows 7 pro,’ for example, still shows primarily hijacked sites as the top of the results. It is very disappointing that Google has not cleaned up their search results after several months ... and Bing doesn't do a better job on this one either,” Sobrier writes.

About the Author

Kathleen Hickey is a freelance writer for GCN.

inside gcn

  • consolidation (By tereez/Shutterstock.com)

    Inside Kentucky's strategy for improving IT operations

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group