The Web sites of some of the nation’s top universities were discovered to be serving up links to bogus online stores offering everything from popular software by Microsoft to student visas and Viagra, according to a report from security firm zScaler. Portions of Websites belonging to Harvard University, The Massachusetts Institute of Technology (MIT) and Stanford University were found to be redirecting visitors to phony online Web “stores,” using multiple languages, that claim to sell software and other goods at discounted prices. The hijacked Web sites have relatively high search engine rankings, which are used to promote the phony Web stores in search results, Zscaler said.
A subdomain of Harvard University’s Website that belongs to the Chandra X-Ray Observatory was among the domains identified by zScaler as having been compromised. Also, various pages hosted on the domain of MIT belonging to academics, as well as a page belonging to the High-Low Tech group that “integrates high and low technological materials, processes and cultures.” At Stanford University, Web sites operated by the Associated Students of Stanford University was compromised, inclduing a Web portal for information about mental and sexual health. There was no clear pattern discernable among the sites compromised, though at least one of the subdomains was hosting the WordPress blogging software.
zScaler also discovered commercial and governmental sites that were redirecting users to the bogus online stores. Among them, a subdomain of the Fandango.com movie information site was found to be redirecting users, as was part of the Web site used to promote the Webby Awards, which honor excellence in online media.
The sites in question appeared prominently on Google search results and were noticeable in that they were running on non-standard ports, according to the post, by Julien Sobrier, a researcher at zScaler.
Attackers have increasingly turned to legitimate Web sites and Ad networks to serve up malicious links and to techniques like search engine optimization (SEO) to try to promote their malicious sites in the search rankings of engines like Google, Yahoo and Bing. A study of 300,000 sites in 2009 by Kaspersky Lab found that 1 in every 150 Web sites was serving up malware.