UK university websites hijacked; selling Viagra etc.


Summary: A number of UK colleges and universities with the .ac.uk domain name have been hacked and now dish out fake drug stores. Can you protect your network from website breaches?


A computer security firm has discovered a number of UK colleges and universities with the .ac.uk domain name hijacked and redirected to fake drug stores offering the usual spam-box full of supplies, according to the BBC.

It is believed that malicious code was injected into the PHP code on the sites, redirecting visitors to fake drug stores: when a user searches for certain keywords on Google, the university or college website appears at the top of the results, and the user is redirected from there. It is thought that the value of the legitimate site may have boosted link views.
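A defender's check for the behaviour described above, as an added example that is not from the article or the security firm: it requests a page once directly and once as a search-engine click-through, and reports off-site redirects and status differences between the two. The hostnames, paths and the `constructed_fetch` stand-in are constructed, and it assumes the injected code keys on the `Referer` header, which the article does not confirm.

```python
from urllib.parse import urlsplit

SEARCH_REFERER = "https://www.google.com/search?q=example"  # constructed referrer


def off_site(url, location):
    """True if a redirect target leaves the host that was requested."""
    target = urlsplit(location).hostname  # None for relative redirects
    return target is not None and target != urlsplit(url).hostname


def check_url(fetch, url):
    """Fetch url directly and as a search click-through; report differences.

    fetch(url, headers) must return (status, response_headers, body) and must
    NOT follow redirects. It is a parameter so the check can run offline.
    """
    direct = fetch(url, {})
    via_search = fetch(url, {"Referer": SEARCH_REFERER})
    findings = []
    for label, (status, headers, _body) in (("direct", direct), ("search", via_search)):
        location = headers.get("Location", "")
        if 300 <= status < 400 and off_site(url, location):
            findings.append(f"{label}: {status} redirect off-site to {location}")
    if direct[0] != via_search[0]:
        findings.append(f"status differs: direct={direct[0]} search={via_search[0]}")
    return findings


def constructed_fetch(url, headers):
    """Constructed stand-in for an HTTP client: clean pages plus one hijacked page."""
    path = urlsplit(url).path
    from_search = "google." in headers.get("Referer", "")
    if path == "/courses/hijacked.php" and from_search:
        return 302, {"Location": "http://pharmacy.example/"}, ""
    if path == "/old":
        return 301, {"Location": "/courses/"}, ""  # ordinary same-site redirect
    return 200, {}, "<html>course list</html>"


if __name__ == "__main__":
    for page in ("/", "/old", "/courses/hijacked.php"):
        url = "http://www.uni.example" + page
        print(url, check_url(constructed_fetch, url) or "no difference")
```

A page that looks normal when typed into the address bar can still be hijacked for search visitors, which is why the comparison needs both requests.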

This appears to be similar to, or perhaps even the remnants of, a previous assault which hit a wider range of websites last year, including schools and domain names ending in .gov.uk, the UK's government domain name.

Some of these websites can still be found with code injected at this Google search and this one. You are advised not to click on any further links in the search results.

One student emailed me pointing out that their university had been hacked for months and issues were still arising from it. They were also concerned about their network security and how far this or other security breaches could go into the network.

Good news and bad news for you, my anonymous student friend.

It is good practice to keep any public-facing website for an organisation completely separated from the internal network structure, including storage spaces and collaboration areas. Take a university website, for example. An ordinary member of the public can view many areas of the site but will be stonewalled by user authentication procedures when they get too far; those areas are reserved for students and staff.

But the more of the internal network that is exposed on the web through a URL, such as read-only file directories offering a wide range of course files or student data, whether password protected or not, the greater the danger. If the main website gets breached, as from time to time it will be, what sits behind the scenes may not be as safe and secure as you may hope.

Then again, if a website is breached and installs malware locally, you could end up bringing down your entire university network, as happened in Exeter only a few months ago.

I do not envy those who work in network security. The revolver I keep in my desk would make more than a daily appearance I fear.

Topics: Networking, Browser, Security, Software Development


Talkback

20 comments
  • UK university websites hijacked; selling Viagra etc.

    They must have been running linux.
    Loverock Davidson
    • The story is about a breach, not an OS. Add something meaningful. (NT)

      .
      BubbaJones_
      • Story is about PHP sites being exploited

        which, unfortunately, is an all too common
        occurrence.

        The train wreck that is PHP is a prime example
        of what can happen when an open source process
        goes wrong. PHP is haphazardly thrown together.
        It was never designed, it just happened.

        The poorly designed "language" (I use that term
        liberally here) appealed (still does) to
        cheapskate cowboy coders who have little
        understanding of robust programming
        disciplines.

        One example (and in all likelihood the culprit
        allowing these exploits) is PHP's string
        interpolation. What was a neat idea for
        automation scripting on the command line has
        turned into a disaster on web-facing scripts.
        honeymonster
        • PHP: Just like windows.

          None of them was ever designed, they just happened.

          Well, there's a difference, a huge difference. PHP is completely exposed, it's naked so it cannot use smoke or mirrors to fool you into believing that it's something you can trust.
          Great Kahuna
          • Please, enough with the excuses

            I think he was referring to the fact that when an IIS site gets hacked it's the usual "Windows sucks, fools use it, go Linux, etc.", then when a Linux (most likely) site gets hacked it's "shoddy programming, get rid of the programmer, Linux is great, etc.".

            They ALL get hacked, let it go.
            John Zern
        • hahahahaha

          wow now what does php have to do with sloppy
          coding? there are lots of safe php websites out
          there. .net, java, coldfusion, ruby, none of those
          are safe if you don't filter out things like sql
          injection. your argument is totally irrelevant.

          ps. i am a .net developer so i'm not defending php
          or open source.
          Zlatko.Lakisic
          • The same thing that happens when

            you get shoddy programming in IIS. Why blame the developer here, but give him a pass when he programs on Windows?
            John Zern
          • read above...

            did you read my post??? i mentioned all platforms.
            shoddy programming has no excuses, os, platform,
            framework or language. they are all tools to help
            developers build applications. the same thing
            happens in construction, you get bad poorly built
            houses that leak at the first sign of rain if they
            aren't built to spec.
            Zlatko.Lakisic
        • Robust programming disciplines.

          Who uses that anymore?
          That's something we did in the 1960's and 70's out of necessity.

          Webmasters indeed!
          Ashtonian
  • RE: UK university websites hijacked; selling Viagra etc.

    BS - Be Specific. UK? University of Kansas, Kentucky, Knoxville, Keysville? The UK would imply United Kingdom; UK does not.
    clifflee
    • Bit picky?

      UK obviously means United Kingdom. The first line alone makes that clear with the context that it's written in.
      zwhittaker
    • American educational institutions are .edu domains

      University of Kentucky - http://www.uky.edu/
      University of Kansas - http://www.ku.edu/
      Kansas State University - http://www.k-state.edu/
      Kent State University - http://www.kent.edu/
      etc.
      djchandler
  • RE: UK university websites hijacked; selling Viagra etc.

    By the last line of Mr. Whittaker's story, it would appear that he is into "fabricating". We all know that the people of England have been disarmed by their overly-zealous, politically over-correct government. As such, he would never be allowed to have a revolver in his desk.
    JTF243@...
    • Gun clubs in the United Kingdom

      Yes they do allow pistols, Zack is not fabricating re pistols in the United Kingdom.

      See below for content pasted from the gun club I was a member of for many years.

      Based in Birmingham, West Midlands, the 49th Rifle & Pistol Club can offer:

      A club run BY members FOR members.

      A yearly subscription - (no 'green fees').

      Ranges for:

      Rimfire & Centre Fire Small Bore & Large Bore.
      Full Bore Target Rifles.
      Black Powder Pistols.
      Air Rifles & Pistols.

      Expert coaching and tuition in many shooting disciplines.

      Help and advice on many aspects of sports shooting and procedures.
      concrete lamposts
      • UK gun law

        JTF243@ is however correct, keeping a pistol in a desk drawer, or anywhere where heaven forbid it could be used for self defence is illegal and has been for decades.

        .. with the obvious exception of criminals of course.

        And the legality of .22 & blackpowder is little consolation to those of us who had thousands of pounds worth of big-bore gear legally stolen by the government, & to hell with the 'compensation', theft is theft.
        AndyPagin
    • Revolvers, Yes...Disarmed, No...

      It is illegal to own a handgun in the UK. However
      you can still own other firearms such as shotguns &
      rifles.
      DevJonny
      • Sorry, wrong.

        Please re-read the gun clubs post. Some handguns are still legal here, but never ever for self defence.
        AndyPagin
        • Actually...

          according to the MET web site
          http://www.met.police.uk/firearms_licensing/faqs.html,
          from which I quote:

          "Can I own a handgun?
          Handguns are banned in England. This applies to
          any firearm with an overall length of less than
          30 cm. However muzzle-loading handguns are
          permitted."

          Air pistols are not classified as a hand gun,
          and blackpowder are muzzle loading.
          DevJonny
  • Long barrelled pistols?

    Usually with a stock or metal rod attached. I have seen a long barrelled pistol (not a revolver) with no stock or metal rod, which was on the owner's ticket.
    concrete lamposts
  • RE: UK university websites hijacked; selling Viagra etc.

    The same issue is prevalent in the United States. Although it has gotten better over the past week, for several weeks many of the listings on page one for keyword Viagra were .edu sites that had been hijacked and were redirecting to illegal online pharmacy sites. Our website, http://www.kwikmed.com , spends a great deal of time and money on white hat SEO techniques and we have to constantly battle these hijacked sites. How can Google let these sites maintain such a high ranking for such a long period of time? And why aren't universities doing a better job protecting their domains?
    duker44