Back in January, Threatpost covered a story originally reported by Julien Sobrier of Zsacaler. Sobrier discovered that the websites of a number of prominent American universities and government institutions had been hijacked and were redirecting fake online stores. As it turns out, some of the sites mentioned in the initial report continue to do so.
According to his report, Sobrier discovered some 68 hijacked domains including, cshe.berkeley.edu (Berkeley), research4.dfci.harvard.edu (Harvard), web.ics.purdue.edu (Purdue), osu.okstate.edu (Oklahoma State), and brokenhill.ses.nsw.gov.au (Australian Government). Four months later, the fake stores have undergone little or no change in appearance and purpose and continue offering discounted software from Microsoft, Adobe, Apple, and others.
Even more troubling, major search engines like Google, and Bing have yet to clean the hacked domains from their search results. In just one example, a search of “buy Windows 7 pro” still yields a number of hijacked sites as top results, Sobrier reports on the zScaler blog. Read his full report here.