NIST.gov, heidelberg university and others have been hacked by black hat spammers.

Lately I’ve been getting some spam that I consider a special treat.  These are websites that have been exploited and used to promote spammy pharmacy products such as viagra and cialis. 

I am not happy that victims are being used, I’m intriqued on how the spammers managed to get away with it.

This one comes from NIST.gov: 

SPAM Hack of NIST.gov
viagra
http://www.nist.gov/HyperNews/atp/get/collaboration/285/1.html
viagra
[URL=”http://www.nist.gov/HyperNews/atp/get/collaboration/285/1.html”]viagra[/URL]
tramadol
http://www.nist.gov/HyperNews/atp/get/collaboration/288.html
tramadol

I’ve been working with the U.S. Govt for a long time so I am familiar with the NIST.  It is the National Institue of Standards and Technology: “Founded in 1901, NIST is a non-regulatory federal agency within the U.S. Commerce Department’s Technology Administration.” 

When I thought that they might have been hacked, I immediately sent and email to the webmaster.  But unfortunately they rejected my email.
Here is another hack attempt (this one unsuccessful):

UTA.edu
viagra
http://www.uta.edu/HyperNews/get/delgua/158.html
viagra
[URL=”http://www.uta.edu/HyperNews/get/delgua/158.html”]viagra[/URL]
phentermine
http://www.uta.edu/HyperNews/get/delgua/160.html
phentermine

Here is one is what looks like a division of Heidelberg University:

physi.uni-Heidelberg.de
cheap xanax
http://www.physi.uni-heidelberg.de/HyperNewsFachschaft/get/discussion/862.html
cheap xanax
[URL=”http://www.physi.uni-heidelberg.de/HyperNewsFachschaft/get/discussion/862.html”]cheap xanax[/URL]
generic viagra
http://www.physi.uni-heidelberg.de/HyperNewsFachschaft/get/discussion/860.html
generic viagra

email I sent to Heidelberg Universtiy (translated with babelfish):

Hallo,
Ihr Aufstellungsort kann ausgenutzt worden sein:
http://www.physi.uni-heidelberg.de/HyperNewsFachschaft/get/discussion/862.html
Die Person, die dies getan hat, benutzt Ihren Aufstellungsort zu Spam andere Internet-Aufstellungsorte. Traurig über meinen Deutschen. Ich verwende babelfish.altavista.com, um zu übersetzen. Auf Wiedersehen

Here is another attempt on Kryten.murdoch.edu.au 

pacific poker
http://kryten.murdoch.edu.au/HyperNews/get/forums/thal/300.html
pacific poker
[URL=”http://kryten.murdoch.edu.au/HyperNews/get/forums/thal/300.html”]pacific poker[/URL]
cialis
http://kryten.murdoch.edu.au/HyperNews/get/forums/thal/297.html
cialis

As with any exploit, the spammers used a flaw in the webpage to post the data on victims webpages.  The sad thing is that it can happen to anyone.  Security Awareness is really the only defense one can have.
 

I have been getting a lot.  I’ll update this when I get some good one.