Page last updated at 11:00 GMT, Friday, 5 March 2010

Fake drug scam hijacks UK college websites

Screen grab from online pharmacy, BBC
Servers were used to bounce people on to fake pharmacy sites

UK academic institutions have unwittingly become the accomplices of criminals selling fake drugs online.

A security firm has discovered many organisations using the domain are unknowingly pushing customers to websites offering the fake pills.

The scam exploits software flaws to piggyback on the computing resources of the colleges and universities.

Researchers at security company Imperva believe "thousands" of organisations may have fallen victim.

"It's a pretty successful campaign," said Amichai Shulman, of the firm, which uncovered the targeted attack.

Drug search

Imperva has found that many higher education institutions that use the domain are unknowingly helping customers get through to the spammers' sites.

In most cases, said Mr Shulman, the spammers have exploited vulnerabilities in a widely used technology called PHP. Many organisations use this technology to make websites more interactive.

"They used these vulnerabilities to inject PHP code into the site," said Mr Shulman.

The injected code included search terms associated with drugs such as Viagra, Cialis and many others. Also included was code that spotted when a visitor arrived at a compromised site from Google.

The injected code meant that, when a person searched for drugs online, the universities and colleges web addresses would pop up in the top results. Anyone clicking on the link would then be re-directed to a fake pharmacy peddling counterfeit pills.

At all other times a visitor would get through to the proper site. Typing in a web address would also lead straight to the real site.

"It's difficult to detect sometimes if you just type the link in your browser you get the original content," said Mr Shulman.

The criminals use the technique of piggy backing on legitimate sites to ensure that their websites show up in search engine results.

Mr Shulman said the speed with which sites were being put up and taken down made it hard to get an exact figure for how many sites had been hit. However, he estimated that "thousands" of sites, including many universities and colleges, had been caught out by the drug spammers.

Ravensbourne College of Design and Communication in Kent was one school that fell victim.

"We immediately took action to temporarily close down and remove the compromised area while we resolved the issue," said a spokeswoman for the college in a statement.

"Once we discovered the issue we were able to rectify it quickly, and we believe our site is now secure," she said.

"Some issues - such as the change to the search result text - may still appear on search results while we wait for the search engines to re-crawl the website."

Print Sponsor

Spanish police smash huge botnet
03 Mar 10 |  Technology
Botnet shutdown divides experts
26 Feb 10 |  Technology
How I helped nail the 'manhood' spammer
02 Dec 09 |  Magazine
Microsoft shuts down spam network
25 Feb 10 |  Technology
Spam 'produces 17m tons of CO2'
16 Apr 09 |  Technology
Criminals 'may overwhelm the web'
25 Jan 07 |  Business
Web mail scam propagates itself
07 Oct 09 |  Technology
Cybercrime threat rising sharply
31 Jan 09 |  Davos 2009

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific