A number of high-profile government and education websites have been hijacked to redirect users to spam sites, researchers at cloud security firm Zscaler said late last week.
Websites belonging to Harvard University, the Massachusetts Institute of Technology (MIT) and Stanford University were among those compromised, Julien Sobrier, senior security researcher at Zscaler, told SCMagazineUS.com on Friday.
In addition, the website for online movie ticket retailer Fandango was compromised, as were several other U.S. and Canadian government sites.
Affected websites were directing users to fake online stores selling discounted Microsoft software, including Windows 7.
Zscaler researchers discovered more than 75 of these stores, using domain names such as softsupreme.com, softsupreme.net, buysupreme.net, software-supreme.com, softbuy-download.net, softbuy-download.com, sacon.org, topoemdownloads.net. Some of the stores are also touting Viagra and U.S. student visas.
About 170 legitimate websites in total were infected, Sobrier said. The sites were compromised about a month ago, and some have not yet been cleaned up. It is not known how the sites were hijacked, but the hackers likely exploited a piece of vulnerable software.
Attackers aim to compromise well-known sites because they have high search engine rankings, allowing them to effectively promote the phony stores, Sobrier said.
The list of hijacked government sites included paceflorida.gov and openworld.gov – the website for Open World, a U.S. government exchange program.
At Harvard University, a site belonging to the school’s Chandra X-ray observatory was affected. Several academic sites belonging to MIT also were hijacked, including a page for the school’s The High-Low Tech group. At Stanford University, a site belonging to the Associated Students of Stanford University was compromised, as was a site that provides mental and sexual health information.
Most of the affected academic sites have been cleaned, Sobrier said.