Hacked Military and Government Computers Push Online Rogue Pharmacies

A U.S. web hosting provider admitted that hackers compromised dozens of web pages
on government, educational and financial sites through a software flaw to promote rogue online
pharmacies.

Brian Krebs, an investigative journalist formerly with the Washington Post, reported that a customer of Hostmonster.com, a Utah-based web hosting provider, exploited a bug in a website
administration tool used by Hostmonster.com and by a majority of hosting providers, ultimately
redirecting visitors from these institutional websites to online stores that sell prescription drugs without
requiring a prescription.

The redirection was set up by using the administration tool to create subdomains under the
legitimate institutional websites, and then linking “to dozens of pages created to hijack the sites’ search engine
rankings,” reports Krebs.

Although the subterfuge was conducted from April to July of 2010, the redirect sites remained active until
last week, when a reporter contacted the company. The company admitted that although it
corrected the bug in July to prevent unauthorized subdomain creation, the existing false pages were not
deleted.
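
The gap described above is that the bug was patched while the subdomains created through it stayed live. The following is an added example, not code from the article or the hosting provider: a post-patch audit that compares the subdomains configured on a hosting account against an owner-approved inventory. The record format, keyword list, window end date, and all hostnames are assumptions constructed for illustration.

```python
from datetime import date
from urllib.parse import urlparse

# Assumed exposure window, from the article's "April to July of 2010".
WINDOW = (date(2010, 4, 1), date(2010, 7, 31))
SPAM_TERMS = ("pharmacy", "no prescription", "without prescription")  # assumed list

def registered_parent(host, zones):
    """Return the customer zone a host belongs to, or None."""
    host = host.lower().rstrip(".")
    for zone in zones:
        if host == zone or host.endswith("." + zone):
            return zone
    return None

def audit(records, approved, zones):
    """Flag configured hosts that are absent from the owner-approved inventory."""
    findings = []
    for rec in records:
        host = rec["host"].lower().rstrip(".")
        zone = registered_parent(host, zones)
        if zone is None or host in approved:
            continue
        reasons = ["not in approved inventory"]
        if WINDOW[0] <= rec["created"] <= WINDOW[1]:
            reasons.append("created during exposure window")
        target = urlparse(rec.get("redirect") or "").hostname
        if target and registered_parent(target, [zone]) is None:
            reasons.append("redirects off-domain to " + target)
        if any(term in rec.get("body", "").lower() for term in SPAM_TERMS):
            reasons.append("pharmacy spam keywords")
        findings.append((host, reasons))
    return findings

# Constructed sample data; example.gov / example.edu / example.net are placeholders.
ZONES = ["example.gov", "example.edu"]
APPROVED = {"example.gov", "www.example.gov", "example.edu", "mail.example.edu"}
RECORDS = [
    {"host": "www.example.gov", "created": date(2008, 1, 5), "body": "City services"},
    {"host": "meds.example.gov", "created": date(2010, 5, 12),
     "redirect": "http://shop.example.net/", "body": "Online pharmacy, no prescription"},
    {"host": "test.example.edu", "created": date(2009, 3, 2), "body": "staging"},
]

if __name__ == "__main__":
    for host, reasons in audit(RECORDS, APPROVED, ZONES):
        print(host, "->", "; ".join(reasons))
```

Any host flagged only as "not in approved inventory" still needs owner review, since a subdomain created outside the window may be forgotten staging content rather than spam.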

Says Krebs, “Unfortunately this kind of search engine gaming is quite common, and often goes
undetected for months by site owners. Experts say those responsible tend to pick on .edu, .gov and .mil
domains because those domains are typically given more authority by search engines.”

Among the more than 40 compromised domains were the Sacramento Metropolitan Fire District, the
Army of the Dominican Republic, Access Bank and the Wright Institute.