U.S. government's NOAA site hacked by pill pushing spammers

U.S. government's NOAA site hacked by pill pushing spammers

Summary: The U.S. government's NOAA (National Oceanic and Atmospheric Administration) Web site has been hijacked by spammers peddling prescription pills.

SHARE:
TOPICS: Tech Industry
12

The U.S. government's NOAA (National Oceanic and Atmospheric Administration) Web site has been hijacked by spammers peddling prescription pills.NOAA hacked page with spam links

The news section of NOAA's Climate Monitoring & Diagnostics Laboratory has been rigged with about 70 spam pages touting Soma, a prescription-only muscle relaxer.

The spam pages contain Russian-language banner ads, suggesting a link to notorious spam rings operating out of Eastern Europe.

All of the pages are interlinked to cross promote each other, a search engine optimization trick that ensures top listings on the major search engines, including Google.

According to Thor Schrock, who first noticed the links to the .gov Web site being spammed on his customer support forum, the Russian ad banners are powered by Wizard Rules, a London-based advertising network.

At 10:00 AM Eastern, the spam pages were still live despite attempts to contact the NOAA Web site administrators.

[UPDATE: March 5, 2007, 2:50 PM Eastern] The entire Climate Monitoring & Diagnostics Laboratory section of the NOAA site has been taken offline. A NOAA spokesman said the agency is assisting the FBI in an investigation into the breach.

Topic: Tech Industry

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

12 comments
Log in or register to join the discussion
  • does anybody know

    What servers the NOAA is running. There have been a lot of serious server exploits lately.
    xuniL_z
    • Server info

      Apache/2.0.52 (CentOS)

      See: http://web-sniffer.net/?url=http%3A%2F%2Fwww.cmdl.noaa.gov&submit=Submit&http=1.1&gzip=yes&type=GET&ua=Mozilla%2F5.0+%28Macintosh%3B+U%3B+Intel+Mac+OS+X%3B+en-US%3B+rv%3A1.8.1.2%29+Gecko%2F20070219+Firefox%2F2.0.0.2+Web-Sniffer%2F1.0.24
      Ryan Naraine
    • Linux

      According to Netcraft.com, NOAA.gov is running Linux.
      http://searchdns.netcraft.com/?host=noaa.gov&position=limited&lookup=Wait..
      thirdlife1
    • Let's get it straight boys ,,,

      76628 www.cdc.noaa.gov unknown August 1995 Apache/2.0.53 (Unix) mod_jk/1.2.8 mod_ssl/2.0.53 OpenSSL/0.9.6g Solaris 8

      63905 www.ngdc.noaa.gov unknown August 1995 Apache/2.0.46 (Red Hat) Linux

      3592 www.noaa.gov unknown August 1995 Apache Linux
      Intellihence
      • proves a point

        So you can't just slap on a non-MS OS and be safe? Who knew? ;)

        All hail the admins!
        ejhonda
        • Let's take a look at it from the MS perspective .

          More than half of the servers in this world run Apache , thus making it a bigger target . Did I hit the nail on the head or will the MS zealots now come in with a different story . Personally I blame the Admins for using Solaris .
          Intellihence
        • Does anyone know if ZDNET's Apache

          servers have been hit this way ? Just a simple question .
          Intellihence
    • I am amazed you have to ask that here!

      While several have posted an answer, shouldn't you go take a remedial networking class? This information is trivial to find out!
      B.O.F.H.
    • stack irrelevant

      The question is which buggy, leaky, crufty, down-rev, cross-site scriptable PHP app were they running? And how many users had really weak passwords.
      cls8
  • This is what ZDNET runs

    1064824 about.com.com CNET Networks, Inc, 235 Second Street, San Francisco, 94105, United States August 2005 Apache/2 Linux
    18625 adlog.com.com CNET Networks, Inc, 235 Second Street, San Francisco, 94105, United States January 2003 Apache/2.0 unknown
    - aolsvc.cnet.com CNET Networks, Inc, 235 Second Street, San Francisco, 94105, United States November 2002 Apache/2 unknown
    - apple.com.com CNET Networks, Inc, 235 Second Street, San Francisco, 94105, United States October 2006 Apache unknown
    667932 artists.download.com CNET Networks, Inc, 235 Second Street, San Francisco, 94105, United States June 2004 Apache/2.0 Linux
    187252 att.com.com CNET Networks, Inc, 235 Second Street, San Francisco, 94105, United States October 2004 Apache/2.0 unknown
    - auctions.zdnet.com CNET Networks, Inc, 235 Second Street, San Francisco, 94105, United States April 1999 Apache/2 Linux
    1165298 aycu05.webshots.com CNET Networks, Inc, 235 Second Street, San Francisco, 94105, United States June 2006 BaseHTTP/0.3 Python/2.4.4 unknown
    25625 blogs.download.com CNET Networks, Inc, 235 Second Street, San Francisco, 94105, United States August 2005 Apache/2 Linux
    2317803 blogs.techrepublic.com CNET Networks, Inc, 235 Second Street, San Francisco, 94105, United States October 2005 Apache/2 unknown
    1180 blogs.zdnet.com CNET Networks, Inc, 235 Second Street, San Francisco, 94105, United States November 2004 Apache unknown
    1620 boards.gamefaqs.com CNET Networks, Inc, 235 Second Street, San Francisco, 94105, United States July 2004 Apache unknown
    10431 builder.com.com CNET Networks, Inc, 235 Second Street, San Francisco, 94105, United States March 2002 Apache/2.0 unknown
    10904 cards.webshots.com CNET Networks, Inc, 235 Second Street, San Francisco, 94105, United States March 2000 Apache/2.0.51 Linux
    - cash-loan-003.blogspot.com.com CNET Networks, Inc, 235 Second Street, San Francisco, 94105, United States unknown Apache Linux
    - cash-loan-2007.myblogvoice.com.com CNET Networks, Inc, 235 Second Street, San Francisco, 94105, United States unknown Apache Linux
    1354060 catchup.cnet.com CNET Networks, Inc, 235 Second Street, San Francisco, 94105, United States March 2000 Apache/2 Linux
    1332801 cbgb.download.com CNET Networks, Inc, 235 Second Street, San Francisco, 94105, United States November 2005 Apache/2.0 unknown
    614681 cbsnews.com.com CNET Networks, Inc, 235 Second Street, San Francisco, 94105, United States March 2006 Apache/2.0 unknown
    17672 chkpt.zdnet.com CNET Networks, Inc, 235 Second Street, San Francisco, 94105, United States August 1998 Apache/2.0 unknown
    Next page >>
    INETU
    Intellihence
  • "Safe" sites

    This is why I keep telling people that you aren't safe from exploits even if you browse "known safe" sites and have no other protection. You can't assume anything on the net is safe, because you're trusting their admins too.
    rpmyers1
  • Conspiracy

    Maybe i read too many books or watch too much TV, but maybe the whole point of this spamming was to take that section of the site offline. Maybe they're planning something that would be noticed on that page. After all, they are a "notorious spam ring operating out of Eastern Europe". Maybe I'm thinking too much.
    Oracle619