Posted by: ITKE
SEO attacks, website vulnerabilities
Several government and educational websites redirect visitors to fake stores.
By Ryan Cloutier, Contributor
Security researchers at Zscaler Inc. have provided a list of government websites that have been hijacked, redirecting visitors to Google searches.
Government web properties are not the only targets of these internet villains; some university websites, including those linked to Harvard, MIT and Stanford, have fallen as well. According to Julien Sobrier, a researcher at Zscaler, the list of hijacked sites includes:
- Harvard (Alexa rank in US: 875, cxc.harvard.xdu)
- MIT (Alexa rank in US: 963, petar.blog.lcs.mit.xdu, fig.scripts.mit.xdu, hlt.media.mit.xdu)
- Stanford (rank 782, mentalhealth.stanford.xdu, yuba.stanford.xdu, assu.stanford.xdu)
- Fandango (rank 236, www.summermovies.fandango.xom)
There are also governmental sites in the list, from the U.S., China and other countries:
In Zscaler’s research blog, Sobrier wrote that visitors are redirected to no ordinary Google search results; the results seem to consist entirely of fake online stores. The stores “sell” software at a discounted price. However, they all seem to have odd URLs, and some of the sites are running SEO spam on topics such as Viagra and U.S. student visa.
Contemporary wisdom suggests these types of locations will not be kind to your bank accounts, Sobrier said.
Once again spammers have managed to poison search results for popular searches. This specific spam was reported a month ago, but it still shows up in the first page of results for multiple searches.
There also seem to be various domain names for the fake stores. The domain names run the gamut from the seemingly malicious software-supreme.com to the seemingly less threatening sacon.org. All in all, the fake stores encompass at least 75 domains, and each site looks slightly different.
What sets this attempt apart from the typical black hat attempt to turn Google’s algorithms against the common person is that the search engine optimization is in multiple languages. Usually spam SEO comes in English, but this time we are seeing French, German and other languages.