Web sites for a number of the world’s most prestigious universities are serving specific porn and malicious content material after scammers exploited the shoddy record-keeping of the positioning directors, a researcher discovered lately.
The websites included berkeley.edu, columbia.edu, and washu.edu, the official domains for the College of California, Berkeley, Columbia College, and Washington College in St. Louis. Subdomains reminiscent of hXXps://causal.stat.berkeley.edu/ymy/video/xxx-porn-girl-and-boy-ej5210.html, hXXps://conversion-dev.svc.cul.columbia[.]edu/brazzers-gym-porn, and hXXps://provost.washu.edu/app/uploads/formidable/6/dmkcsex-10.pdf. All ship specific pornography and, in not less than one case, a rip-off website falsely claiming a customer’s pc is contaminated and advising the customer to pay a charge for the non-existent malware to be eliminated. In all, researcher Alex Shakhov stated, a whole lot of subdomains for not less than 34 universities are being abused. Search outcomes returned by Google record 1000’s of hijacked pages.
A handful of hijacked columbia.edu subdomains listed by Google
A handful of hijacked columbia.edu subdomains listed by Google
One of many websites redirected by a UC Berkeley subdomain.
One of many websites redirected by a UC Berkeley subdomain.
Hijacking a college’s good identify
Shakhov, founding father of SH Consulting, stated that the scammers—which a separate researcher has linked to a recognized group tracked as Hazy Hawk—are seizing on what quantities to a clerical error by website directors of the affected universities. Once they fee a subdomain reminiscent of provost.washu.edu, they create a CNAME file, which assignes a subdomain to a “cononical” area. When the subdomain is finally decommissioned—one thing that occurs steadily for numerous causes—the file is rarely eliminated. Scammers like Hazy Hawk then swoop in by hijacking the previous file.
With that, they’ve now hijacked that college’s subdomain. Given the reputations universities have, search queries then move to the highest of Google’s outcomes.
