Select Page

Last week, I blogged about a massive hacking spree at the University of Maryland (now apparently all clean).  [Nope:  Still looks like they’re up spawning spyware, but we’re still checking.]

Today, we see more evidence of hacking.  Long Island University, Ohio State, Carnegie Mellon, Conservatorio de Música de Puerto Rico and Virginia Intermont College. 

Don’t go to these links — they are not safe. (Note: Sesso is Italian for “sex”. These are Italian porn sites serving spyware.)

139889999999er9999

212388888888888888ac234

328888wf8213888881233

412388812388888f884

51348888123123888

Many have been cleaned.  But Carnegie Mellon and Virginia Intermont College are still live with malware as this goes to press. 

And it’s not only educational institutions.  We also see that the World Health Organization has a hacked page showing porn:

Who12309899999


Alex Eckelberry
(Credit to Sunbelt researcher Francesco)

Update/Clarification: These are not all the same malware.  World Health Organization redirects to a porn site, which doesn’t show any exploit right now, only porn links with adultfriendfinder ads, but it might be a rotational page and it’s obviously a hack.  The hack on Carnegie Mellon is Gromozon: it redirects to a site which has an encrypted script that requires an Italian IP to view, and attempts to download malware, including a fake Zlob codec. The Vermont Intermont hack is apparently from the CallSolutions gang, using the exploit and malware distribution kit mpack