[ISN] Illegal pharmaceutical ads infiltrate gov, edu sites (again)

From: InfoSec News <alerts_at_private>
Date: Tue, 4 Nov 2008 00:17:48 -0600 (CST)

By Dan Goodin in San Francisco
The Register
4th November 2008

Hundreds of thousands of webpages belonging to businesses, government 
agencies, and schools have been infiltrated by scammers pushing Viagra, 
Tadalafil, and other drugs. The towns of Birmingham and Horwich in the 
UK and Princeton University in the US are among those who have been 

Yahoo searches here [1], here [2], and here [3] show the success these 
scammers are enjoying in plastering their ads all over the net. In all, 
Yahoo catalogs more than 1.5 million such pages, although not all of 
those appear on sites that have been commandeered.

The compromised sites, which also include Wakefield Parish Council and 
Purdue University, join the growing ranks of legitimate organizations to 
be manipulated to do the bidding of net criminals. Security researcher 
Don Jackson of SecureWorks said it was hard to pinpoint a common 
vulnerability in the compromised sites he examined. So-called SQL 
injections, a leading cause of many website hijackings, did not appear 
to be at play here.

"I don't see any kind of pattern to the app behind the sites," he said. 
"That makes me think the tool is brute forcing FTP passwords."

[1] http://search.yahoo.com/search;_ylt=A0oGklWkhw9JVcEAPSpXNyoA?p=apcalis+tadalafil+site%3A.net&y=Search&fr=yfp-t-501&ei=UTF-8
[2] http://search.yahoo.com/search;_ylt=A0oGkxgaiA9JGpkA6ZBXNyoA?p=apcalis+tadalafil+site%3A.edu&y=Search&fr=yfp-t-501&ei=UTF-8
[3] http://search.yahoo.com/search;_ylt=A0oGkyAkiA9JPRIAMHdXNyoA?p=apcalis+tadalafil+site%3A.org&y=Search&fr=yfp-t-501&ei=UTF-8

Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
Received on Mon Nov 03 2008 - 22:17:48 PST

This archive was generated by hypermail 2.2.0 : Mon Nov 03 2008 - 22:27:45 PST