By NBF News
Click for Full Image Size

Servers were used to bounce people on to fake pharmacy sites

UK academic institutions have unwittingly become the accomplices of criminals selling fake drugs online.

A security firm has discovered many organisations using the .ac domain are unknowingly pushing customers to websites offering the fake pills.

The scam exploits software flaws to piggyback on the computing resources of the colleges and universities.

Researchers at security company Imperva believe “thousands” of organisations may have fallen victim.

“It's a pretty successful campaign,” said Amichai Shulman, of the firm, which uncovered the targeted attack.

Drug search
Imperva has found that many higher education institutions that use the .ac.uk domain are unknowingly helping customers get through to the spammers' sites.

In most cases, said Mr Shulman, the spammers have exploited vulnerabilities in a widely used technology called PHP. Many organisations use this technology to make websites more interactive.

“They used these vulnerabilities to inject PHP code into the site,” said Mr Shulman.

The injected code included search terms associated with drugs such as Viagra, Cialis and many others. Also included was code that spotted when a visitor arrived at a compromised site from Google.

When combined, the code meant that when a person searched for in the drugs online, the universities and colleges web addresses would pop up in the top results. Anyone clicking on the link would then be re-directed to a fake pharmacy peddling counterfeit pills.

At all other times a visitor would get through to the proper site. Typing in a web address would also lead straight to the real site.

“It's difficult to detect sometimes if you just type the link in your browser you get the original content,” said Mr Shulman.

The criminals use the technique of piggy backing on legitimate sites to ensure that their websites show up in search engine results.

Mr Shulman said the speed with which sites were being put up and taken down made it hard to get an exact figure for how many sites had been hit. However, he estimated that “thousands” of sites, including many universities and colleges, had been caught out by the drug spammers.

Ravensbourne College of Design and Communication in Kent was one school that fell victim.

“We immediately took action to temporarily close down and remove the compromised area while we resolved the issue,” said a spokeswoman for the college in a statement.

“Once we discovered the issue we were able to rectify it quickly, and we believe our site is now secure,” she said.

“Some issues – such as the change to the search result text – may still appear on search results while we wait for the search engines to re-crawl the website.”