Recently, a lot of high profile .EDU and .GOV were hijacked to redirect users to fake online stores. Google searches related to buying software ("buy windows 7 key", where to buy microsoft, "purchase microsoft word", "buy microsoft office", etc.) contain a long list of websites running on non-standard ports: www.kidsforkidsfestival.org:8080, en.jurispedia.org:4444, >www.notiuno.com:4577, etc. These links redirect users to online stores which claim to sell software at a discounted price.
Spam results for buying Windows |
Major websites hijacked
The list of hijacked sites include:
There are also governmental sites in the list, from US, China and other countries:
Fake stores
The fake stores use multiple domain names, and each site looks slightly different: softsupreme.com, softsupreme.net, buysupreme.net, software-supreme.com, softbuy-download.net, softbuy-download.com, sacon.org, topoemdownloads.net, etc. I've seen more than 75 different domains so far.
Fake store |
Multiple languages and other spams
Unlike the usual Blackhat spam SEO coming from the Google Hot Trends, this type of spam is targeted at multiple languages: English, French ("achat windows"), German ("Microsoft kaufen"), etc.
Hijacked sites on non-standard ports are also used for other types of spam: US student visa, Viagra, etc.
Once again spammers have managed to poison search results for popular searches. This specific spam was reported a month ago, but it still shows up in the first page of results for multiple searches.
-- Julien
By submitting the form, you are agreeing to our privacy policy.