By: Julien Sobrier

Many University Websites Used For Spam


In January, I wrote about many high-profile websites, mostly universities, that were hijacked to redirect to fake stores. Many have since been cleaned up, but a few of these university websites are still redirecting users to new fake stores.

In the past 2 weeks, I've seen a significant amount of spam hosted on University websites. Spammers seem to be using compromised user accounts on wiki-like services to upload spam for Viagra, banking loans, online casinos, etc.

Fake pharmacy page hosted on the UCSF website

The list of universities hosting such spam includes:
  • MIT (hxxp://
  • Cornell (hxxps://
  • UCSF (hxxp://
  • University of Pennsylvania (hxxp://
  • University of Massachusetts (hxxp://
  • Colorado State (hxxp://
  • Oregon State (hxxp://
  • OSU (hxxps://, down)
  • WUSTL (hxxp://
  • Eastern University (hxxp://
  • University of Washington (hxxp://
  • Oklahoma State (hxxp://
  • Tufts University (hxxps://
  • National University of Singapore (hxxp://
  • and many others
There are thousands of these spam pages. They are used mainly in e-mail spam campaigns, hidden by a URL shortener.

The university and the fraternity I attended are amongst the victims as well: hxxp://, hxxp://

University websites are becoming a preferred vector for different types of spam. The vast number of subdomains, each likely managed by a different group that may not have professional IT/security skills, makes them an easy target.

-- Julien
