4 months later, education sites remain hacked
Servers direct users to phony online stores
- By Kathleen Hickey
- Apr 18, 2011
Several education websites are among those that continue to host links to fake online stores, despite the hacks being noticed months ago.
Julien Sobrier, senior security researcher for of Zscaler, reported the ongoing problem in a recent blog post, updating a situation he first reported in January.
Although many of the sites were cleaned up after his original report, Sobrier said he recently found 68 hijacked domains, mostly college and government-related sites, including sites run by the University of California at Berkeley, and Harvard, Purdue and Oklahoma State universities, he writes. The government sites currently involved appear to be those of foreign governments, such as Australia, although in January the list included some apparent U.S. state government sites.
Most of the sites have had pages added to the hacked server on port 80, although some are still hosted on alternate Web servers on standard ports, he added.
The hacked sites redirect visitors to phony stores that claim to provide discounted downloadable software from companies such as Microsoft, Adobe and Apple and visually remain the same as the stores found in January, said Sobrier.
Compounding the problem is that Google and Bing searches continue to show hijacked sites at the top of search results.
“A Google search for ‘buy windows 7 pro,’ for example, still shows primarily hijacked sites as the top of the results. It is very disappointing that Google has not cleaned up their search results after several months ... and Bing doesn't do a better job on this one either,” Sobrier writes.
Kathleen Hickey is a freelance writer for GCN.