Zscaler Data Protection Recognized as a 2023 Product of the Year by CRN

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Subscribe
Security Research

Many University Websites Used For Spam

image
JULIEN SOBRIER
March 22, 2011 - 2 min read
In January, I wrote about many high profile websites, mostly universities, that were hijacked to redirect to fake stores. Many have since been cleaned up, but a few of these University websites are still redirecting users to new fake stores (adobe-discount.com, terrific-software.com, successful-software.net, mmpsoftstore.com, successful-software.com, successful-downloads.com, general-oem.com, etc.)

In the past 2 weeks, I've seen a significant amount of spam hosted on University websites. Spammers seem to be using compromised user accounts on wiki-like services to upload spam for Viagra, banking loans, online casinos, etc.

Image
Fake pharmacy page hosted on the UCSF website
The list of Universities hosting such spam include:
  • MIT (hxxp://nola.mit.edu/~cil/nolawiki/images/7/70/Amortizing-loan-calculator.pdf)
  • Cornell (hxxps://confluence.cornell.edu/download/attachments/140416416/tab15.html)
  • UCSF (hxxp://dingo.ucsf.edu/twiki/pub/People/EricAadnes/tab7.html)
  • University of Pennsylvania (hxxp://george.isc-seo.upenn.edu/ocladmin/ocl/uploads/204599.txt)
  • University of Massachusetts (hxxp://xserv1.umb.edu/groups/podcasts/wiki/ce448/attachments/cec02/xs57.html)
  • Colorado State (hxxp://writing.colostate.edu/files/personal/108957/File_0FFC8EF8-EC2C-2238-F165D3DC0AA636A9.txt)
  • Oregon State (hxxp://foodfororegon.oregonstate.edu/sites/default/files/imagecache/al65.html)
  • OSU (hxxps://carmenwiki.osu.edu/download/attachments/16256437/tad44.html, down)
  • WUSTL (hxxp://cssa.grad.wustl.edu/sites/cssa.grad.wustl.edu/files/imce/user1208/ed60.pdf)
  • Eastern University (hxxp://ccgps.eastern.edu/members/dstore/member-blog.blog2/items/Cialis-Viagra-Online)
  • University of Washington (hxxp://modular.math.washington.edu:9001/role?action=AttachFile&do=get&target=sl45)
  • Oklahoma State (hxxp://asdevelopment.okstate.edu/logs/x.php?wy334=287)
  • Tufts University (hxxps://wikis.uit.tufts.edu/confluence/download/attachments/29761132/ced46.html)
  • National University of Singapore (hxxp://wiki.nus.edu/download/attachments/76947595/doc11.html)
  • and many others
There are thousands of these spam pages. They are used mainly in e-mail spam campaigns, hidden by a URL shortener.

The university and the fraternity I attended are amongst the victims as well: hxxp://alumni.iit.edu/s/946/forms/757/100824/game31.html, hxxp://pkp.iit.edu/bog/l.php?n249=300

University websites are becoming a preferred vector for different types of spam. The vast number of sub-domains, each of them likely managed by a different group which may not have professional IT/Security skills, make them an easy target.

-- Julien
form submtited
Thank you for reading

Was this post useful?

Explore more Zscaler blogs

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Read Post
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Read Post
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Read Post
TOITOIN Trojan
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Read Post
01 / 02
dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.