Covert Abuse of a College Server Page 2

More Infected Servers

Here's the search I used, restricted to the United States region:
inurl:edu viagra-online-100mg

Here are some of the hits I saw:


I tested these the same way, using IceWeasel to click the Google hits in a Kali Linux virtual machine, and recording the traffic with Wireshark.


The UTS hit in the image above leads to this page:

It's the same gang, redirecting with a 302 through


The BYU.COM hit starts with an HTTPS link, but redirects through a similar URL:
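
The 302 redirect pattern described above can be looked for in recorded traffic. The following is an added example, not code from the original post: it reads raw HTTP responses such as those exported from a Wireshark stream and reports any redirect that leaves the requested site. The function names and the sample hosts are constructed for illustration, and comparing sites by their last two DNS labels is a simplifying assumption.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def site_of(host):
    """Crude site key: last two DNS labels (assumption; no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def parse_response(raw):
    """Return (status_code, headers) from the head of a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split()[1])
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def offsite_redirect(request_url, raw_response):
    """Return the redirect target if the response sends the browser to a
    different site than the one requested, else None."""
    status, headers = parse_response(raw_response)
    location = headers.get("location")
    if status not in REDIRECT_CODES or not location:
        return None
    target = urljoin(request_url, location)  # resolves relative Location values
    requested_site = site_of(urlsplit(request_url).hostname or "")
    if site_of(urlsplit(target).hostname or "") == requested_site:
        return None
    return target

# Constructed samples (placeholder hosts, not taken from the post).
SAMPLES = [
    ("http://www.college.example.edu/dept/page.html",
     "HTTP/1.1 302 Found\r\nLocation: http://redirector.example.net/in.php?k=1\r\n\r\n"),
    ("http://www.college.example.edu/old",
     "HTTP/1.1 302 Found\r\nLocation: /new\r\n\r\n"),
    ("https://www.college.example.edu/",
     "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"),
]

def scan(samples):
    """Pair each requested URL with its off-site redirect target, if any."""
    return [(url, offsite_redirect(url, raw)) for url, raw in samples]

if __name__ == "__main__":
    for url, target in scan(SAMPLES):
        print(url, "->", target or "no off-site redirect")
```

Only the first constructed sample is reported; the relative redirect and the 200 response stay on the requested site.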

Testing More Links

Here are more links to test:


Infected the same way:


They are infected differently, with a direct link to the malware on their servers, in the primary URL:

Clean Sites

I found hits to these colleges which were no longer going to malware sites, so I suspect they were hacked and cleaned, or perhaps they were targeted and not infected.

SCCME link seems clean

Stanford seems clean

Harvard is OK, although Google labeled it "This site may be hacked".

Notre Dame

Webb Institute


Posted 1:13 PM 11-10-13 by Sam Bowne