Covert Abuse of a College Server Page 2
More Infected Servers
Here's the search I used, restricted to the United States region:
inurl:edu viagra-online-100mg
Here are some of the hits I saw:
Wireshark
I tested these the same way, using Iceweasel to click the Google hits in a Kali Linux virtual machine, and recording the traffic with Wireshark.
UTS.EDU
The UTS hit in the image above leads to this page:
It's the same gang, redirecting with a 302 through securedata24.com:
BYU.EDU
The BYU.COM hit starts with an HTTPS link, but redirects through a similar securedata24.com URL:
Testing More Links
Here are more links to test:
TSU.EDU
Infected the same way:
MCM.EDU
They are infected differently, with a direct link to the malware on their servers, in the primary URL:
Clean Sites
I found hits to these colleges which were no longer going to malware sites, so I suspect they were hacked and cleaned, or perhaps they were targeted and not infected.
SCCME link seems clean
Stanford seems clean
Harvard is OK, although Google labeled it "This site may be hacked".
Notre Dame
Webb Institute
NMSU
Posted 1:13 PM 11-10-13 by Sam Bowne
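
An added example, not part of the original post: a Python check over recorded request/response pairs that separates the two patterns described above, a 302 to a host outside the college's domain and spam content served directly from the college's own URL. The sample hostnames, paths and the `PLACEHOLDER` redirect path are constructed; only securedata24.com and the search term come from the post.

```python
from urllib.parse import urlsplit, urljoin

SPAM_TERMS = ("viagra",)            # term from the search query in the post
REDIRECTS = (301, 302, 303, 307, 308)

def site(host):
    """Approximate the registered domain as the last two DNS labels
    (assumption: good enough for .edu and .com, not for e.g. .ac.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def parse_head(raw):
    """Return (status, headers) from a raw HTTP response, as copied from
    a Wireshark 'Follow TCP Stream' window."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def classify(url, raw):
    status, headers = parse_head(raw)
    req = urlsplit(url)
    if status in REDIRECTS and "location" in headers:
        # Location may be relative, so resolve it against the request URL.
        dest = urlsplit(urljoin(url, headers["location"]))
        if dest.hostname and site(dest.hostname) != site(req.hostname):
            return "offsite-redirect:" + dest.hostname
        return "same-site-redirect"
    if status == 200 and any(t in url.lower() for t in SPAM_TERMS):
        return "spam-url-served"
    return "no-finding"

# Constructed samples: hostnames, paths and PLACEHOLDER are made up.
SAMPLES = [
    ("http://www.college-a.example.edu/news/viagra-online-100mg.html",
     "HTTP/1.1 302 Found\r\nLocation: http://securedata24.com/PLACEHOLDER\r\n\r\n"),
    ("http://www.college-b.example.edu/viagra-online-100mg/",
     "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"),
    ("http://www.college-c.example.edu/news/viagra-online-100mg.html",
     "HTTP/1.1 302 Found\r\nlocation: /news/\r\n\r\n"),
]

if __name__ == "__main__":
    for url, raw in SAMPLES:
        print(classify(url, raw), url)
```

A "same-site-redirect" or "no-finding" result on a URL that search engines still list matches the cleaned-up sites in the last section.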