Compromised Universities Leads to Fraudulent Pharmaceutical Ads

Wednesday, March 16, 2011

Compromised Universities Leads to Fraudulent Pharmaceutical Ads

Continuing the "Compromised University Leads to Fraudulent Pharmaceutical Ads"; "Compromised University Leads to Fraudulent Google Brand-jacked Pharmaceutical Ads" series, in this post we'll discuss two more compromised web servers of educational institutions leading to pharmaceutical ads. Affected Universities are:

Rutgets Energy Institute:
ruei.rutgers.edu/documents/chin.php?adv=cialis20-mg
ruei.rutgers.edu/documents/chin.php?adv=viagra-ratings
ruei.rutgers.edu/documents/chin.php?adv=viagra-999
ruei.rutgers.edu/documents/chin.php?adv=viagra-expired
ruei.rutgers.edu/documents/chin.php?adv=viagra-kako-se

Uploaded redirectors:
ruei.rutgers.edu/documents/chin.php
ruei.rutgers.edu/documents/roar.php
ruei.rutgers.edu/documents/ost.php

Computer Music Center at Columbia University
music.columbia.edu/cmc/pills/index.php?adv=how-to-try-viagra
music.columbia.edu/cmc/pills/index.php?adv=damaskviagra
music.columbia.edu/cmc/pills/index.php?adv=brandlevitra
music.columbia.edu/cmc/pills/index.php?adv=vegetalviagra
music.columbia.edu/cmc/pills/index.php?adv=vviagra

The sampled URLs redirect to the following fraudulent pharmaceutical sites:
pillsedonline.com - 93.170.104.53 - Email: stavros1929@hotmail.com; stavroscomodromos@yahoo.com
buyperfecthealth.com - 93.170.104.53 - Email: stavros1929@hotmail.com
safedrugstock.com - 93.170.104.53 - Email: stavros1929@hotmail.com
securedrugstock.com - 93.170.104.53 - Email: stavros1929@hotmail.com
europharmas.com - 93.170.104.53 - Email: glockner546@hotmail.com
requestpills.com - 93.170.104.53 - Email: stavros1929@hotmail.com; stavroscomodromos@yahoo.com
online-doc.us - 93.170.104.53 - Email: cool_gamer90@mail.ru
pills4sex.eu - 93.170.104.53
securetablets.com - 93.170.104.53 - Email: stavros1929@hotmail.com
alledtablets.com - 93.170.104.53 - Email: stavros1929@hotmail.com; stavroscomodromos@yahoo.com
canadian-refills.com - 178.239.60.214 - Email: privacy-829911@domainprivacygroup.com

Cybercriminals continue purchasing web shells/and stolen FTP credentials to high page rank-ed web sites such as educational institutions. Monitoring of their operations will continue.

This post has been reproduced from Dancho Danchev's blog.

Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com

Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

Wednesday, March 16, 2011

Compromised Universities Leads to Fraudulent Pharmaceutical Ads

No comments:

Post a Comment