By Dan Goodin in San Francisco
4th November 2008
Hundreds of thousands of webpages belonging to businesses, government
agencies, and schools have been infiltrated by scammers pushing Viagra,
Tadalafil, and other drugs. The towns of Birmingham and Horwich in the
UK and Princeton University in the US are among those who have been
Yahoo searches here , here , and here  show the success these
scammers are enjoying in plastering their ads all over the net. In all,
Yahoo catalogs more than 1.5 million such pages, although not all of
those appear on sites that have been commandeered.
The compromised sites, which also include Wakefield Parish Council and
Purdue University, join the growing ranks of legitimate organizations to
be manipulated to do the bidding of net criminals. Security researcher
Don Jackson of SecureWorks said it was hard to pinpoint a common
vulnerability in the compromised sites he examined. So-called SQL
injections, a leading cause of many website hijackings, did not appear
to be at play here.
"I don't see any kind of pattern to the app behind the sites," he said.
"That makes me think the tool is brute forcing FTP passwords."
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!