IDG News Service - Scammers looking to flog cheap software have hacked Web pages on high-profile websites, including those belonging to NASA and Stanford University.
NASA, just a week away from its penultimate space shuttle launch, has now removed dozens of Web pages that popped up on its Jet Propulsion Laboratory website. They were used to flog low-cost versions of Adobe's Creative Suite and other products, according to cached versions of the pages, still viewable on Google.
The scammers loaded up the Web pages with nonsense text (a sample: "Edit buy adobe premiere pro cs4 some callouts and balloons to make this time it took you and saved you a long time") and links to many other hacked pages.
Affected sites included those for NASA, Stanford University, Syracuse University and Northeastern University. NASA had cleaned up its site Monday, but others, including Stanford, had not. Visitors to those sites could encounter the hacked pages even if they weren't looking for cheap software.
Jane Platt, a spokeswoman for NASA's Jet Propulsion Laboratory, said the NASA site was safe to visit, but she declined to comment on the hacking incident because NASA's policy "is not to discuss security matters."
Some of the sites seem to have been hacked so that they pop up in the top results when Web surfers are looking for cheap Adobe software.
It looks like the scammers are trying to make money by generating Web traffic for online retailers, said Mary Landesman, a security researcher with Cisco's ScanSafe group. On some of the sites, visitors who arrive following a Google search are automatically redirected to online retailers.
Google awards a higher ranking to Web pages hosted on trusted, high-profile websites, so by hacking NASA and Stanford's pages, the scammers can generate more traffic for their clients and earn themselves more money in referral fees, she said. "Someone searching for cheap Adobe products is more likely to get those results," she said.
This type of search engine poisoning has been around for years. Hackers often use a Web hacking technique called SQL injection to break into websites, but they can also do this by stealing or guessing passwords.
With NASA set to launch the Space Shuttle Endeavor next week, a lot of people are visiting the space agency's website -- something that makes it only more valuable to hackers, according to Chester Wisniewski, a security researcher with Sophos. Although none of the sites examined Monday contained malicious software, that could easily have been the case, Wisniewski said. "If they were to get malicious code inserted into those pages, it could hurt a lot of people," he said.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!