Select Page

We’re finding buckets of infected forums, blogs, wikis and tikis. A lot of “compromised” educational (.edu) sites, most likely from unpatched vulnerabilities.

Take a look at some of these examples (offensive screens are thumbnailed for the easily offended):


As you can see, a vast number of hits of sites that have been taken over by porn on the University of Southern California system (

But it’s not only USC.

We have Virginia Tech:


On this one Virginia Tech page, we get some really nasty porn (which we’ve covered up), with an offer to view more porn after installation of a fake codec:


Here’s the University of Maryland:


Searching Google for this one term brings up some rather disturbing stuff:


Similarly, searching for “amatuer porn movies free” on Google brings up more nasty stuff, including this:


Now, in the case of the Callutheran site, it’s a WIKI – there is a PHP script that loads HTML from here a porn site (http://www(dot) How did the script get there? We don’t really know, but suspect it could MediaWiki vulnerability.

A search for “Cheating Wives movies frees inurl:edu” brings us this:


And here’s more, Indian River Community College and USC:


Sniffing around one place, we find wide open access:


So there’s an open directory listing with a keyword list and two PHP scripts that load the security scam hijacker porn pages or re-direct to rogue applications like Privacy Protector:


It literally goes on and on and on and on and on.

Alex Eckelberry
(With copious credit to Sunbelt researcher Adam Thomas)