Last week, I blogged about a massive hacking spree at the University of Maryland (now apparently all clean). [Nope: Still looks like they’re up spawning spyware, but we’re still checking.]
Today, we see more evidence of hacking. Long Island University, Ohio State, Carnegie Mellon, Conservatorio de Música de Puerto Rico and Virginia Intermont College.
Don’t go to these links — they are not safe. (Note: Sesso is Italian for “sex”. These are Italian porn sites serving spyware.)
Many have been cleaned. But Carnegie Mellon and Virginia Intermont College are still live with malware as this goes to press.
And it’s not only educational institutions. We also see that the World Health Organization has a hacked page showing porn:
Alex Eckelberry
(Credit to Sunbelt researcher Francesco)
Update/Clarification: These are not all the same malware. World Health Organization redirects to a porn site, which doesn’t show any exploit right now, only porn links with adultfriendfinder ads, but it might be a rotational page and it’s obviously a hack. The hack on Carnegie Mellon is Gromozon: it redirects to a site which has an encrypted script that requires an Italian IP to view, and attempts to download malware, including a fake Zlob codec. The Vermont Intermont hack is apparently from the CallSolutions gang, using the exploit and malware distribution kit mpack.