AOH :: ISNQ4866.HTM

Another inconvenient truth: Al Gore's Web site hacked

Another inconvenient truth: Al Gore's Web site hacked
Another inconvenient truth: Al Gore's Web site hacked


http://www.infoworld.com/article/07/11/26/Another-inconvenient-truth-Al-Gores-Web-site-hacked_1.html 

By Robert McMillan
IDG News Service
November 26, 2007

A blog set up to promote former U.S. Vice President Al Gore's film, An 
Inconvenient Truth, has been hacked and is hosting links to Web sites 
hawking online pharmaceuticals.

The links appear to have been created as part of a scheme to boost the 
Web traffic for sites that promote the drugs, security experts said 
Monday. They contain titles such as "Xanax On Line," "Viagra," and "Buy 
Valium Online."

Cyber scammers have been using this technique for months now, packing 
hacked Web sites with links to their products in hopes of bumping up 
their rankings on search engines like Google and Ask.com. Another 
similar tactic, known as "comment spam," involves flooding the comment 
sections of Web sites with these types of links.

Because search engines give priority to pages that are linked to by very 
popular pages, adding links from the Inconvenient Truth blog would be a 
bonanza for scammers, according to Adam Thomas, a malware researcher at 
Sunbelt Software. The film's blog has "such a high page ranking that 
they use that as sort of conduit to ... gain a really high Google page 
rank and hope that they can find some suckers to buy some medications 
online," he said.

The climatecrisis.net domain, which hosts the blog, is registered to Al 
Gore, the star of the 2006 Academy Award-winning documentary on global 
warming. Not all pages on the site appear to have been compromised, 
security experts say; just those associated with the blog.

Though the drug-promoting links can be seen by the crawler software used 
by search engines, most visitors wouldn't even know that they exist. On 
Monday, they couldn't be seen on the Web page itself, but were visible 
in the blog's source code -- which only the people who maintain the Web 
site should be able to alter. The links point to Web pages on a site run 
by Westmont College, a small Christian college based in Santa Barbara, 
California. The Westmont College Web site also appears to have been 
hacked, Thomas said.

The hacked Westmont pages are in an early stage of development, but some 
of them were hosting blog pages that could ultimately be used to host 
ads for the drugs or even to link to other sites that actually sold the 
pharmaceuticals, Thomas said.

Thomas said attackers were most likely able to gain access to the blog 
by exploiting flaws in the WordPress Web publishing software used by 
both the Inconvenient Truth blog and Westmont College. Representatives 
for Al Gore and Westmont College could not be reached immediately for 
comment.

Once they gained access to the site, criminals could have easily added 
malicious exploit code to the blog, and that code could have been used 
to infect visitors' PCs with computer viruses, said Roger Thompson, CTO 
of Exploit Prevention Labs. "It just shows how tricky it is to secure a 
Web site," he said. "I think we're a bit lucky it's not shooting 
exploits."

Linus Larsson of Computer Sweden contributed to this story.


__________________________________________________________________      
Visit InfoSec News
http://www.infosecnews.org/

Site design & layout copyright © 1986- CodeGods