Apr 15, 2011 14:54 GMT

Security researchers from Zscaler warn that a considerable number of compromised governmental and educational web servers are being used to host rogue online stores.

This is a continuation of attacks spotted back in January that used fake websites set up on non-standard ports, namely 8080, in order to make it harder for webmasters to notice them.

"While some of the pages are still hosted on alternate web servers, [...] now, most pages have actually been added to the hacked web server, on port 80," notes Zscaler senior security researcher Julien Sobrier.

The servers that have remained compromised for months are not necessarily from obscure educational institutions or local government agencies.

The examples Zscaler gives are from Berkeley, Harvard, Purdue, Oklahoma State University, and the New South Wales (NSW) government.

Despite the change in tactics, the rogue stores have remained much the same: they sell highly discounted software packages.

Of course, buying from such websites carries significant risks. For one, the products are not genuine and the licenses could be revoked at any time, that is, if a product is even supplied after payment.

Second, entering credit card details on these websites exposes users to fraud, because the sites are run by cyber criminals who feel no obligation to protect financial data.

Mr. Sobrier points out that Google and other search engines could do better at filtering out these rogue stores. For example, he says, searching for things like "buy windows 7 pro" will predominantly return malicious results.

Zscaler has created a free Firefox extension called "Zscaler Safe Shopping" which uses data from its cloud servers to prevent users from browsing to these rogue sites. The extension's blacklist contains only URL hashes, so that ill-intentioned individuals can't discover and attack the already vulnerable websites.
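The sketch below is an added example, not Zscaler's code, showing how a hash-only blacklist can block a rogue store on a compromised server without blocking the rest of the site and without listing the site in readable form. The article does not say which hash or URL normalization the extension uses; SHA-256, the directory-prefix matching and the `example.edu` / `example.gov` entries are assumptions made for illustration.

```python
import hashlib
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def lookup_keys(url):
    """Return host[:port] plus each directory prefix of the path, then the full path."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # Keep non-standard ports such as 8080: they name a different web server.
    if parts.port and parts.port != DEFAULT_PORTS.get(parts.scheme):
        host = f"{host}:{parts.port}"
    keys, prefix = [host + "/"], "/"
    segments = [s for s in parts.path.split("/") if s]
    for i, seg in enumerate(segments):
        is_file = i == len(segments) - 1 and not parts.path.endswith("/")
        prefix += seg if is_file else seg + "/"
        keys.append(host + prefix)
    return keys


def digest(key):
    return hashlib.sha256(key.encode("utf-8")).hexdigest()


def build_blocklist(rogue_prefixes):
    """What gets distributed: digests only, no readable host names or paths."""
    return frozenset(digest(p) for p in rogue_prefixes)


def is_blocked(url, blocklist):
    """Hash every prefix of the visited URL and test membership."""
    return any(digest(k) in blocklist for k in lookup_keys(url))


# Constructed sample entries; the hosts are placeholders, not sites from the article.
BLOCKLIST = build_blocklist([
    "example.edu/~lab/store/",  # rogue store in one directory on port 80
    "example.gov:8080/",        # entire alternate web server on port 8080
])

if __name__ == "__main__":
    for u in ("http://example.edu/~lab/store/windows-7-pro.html",
              "http://example.edu/admissions/",
              "http://EXAMPLE.gov:8080/shop/cart?id=1",
              "http://example.gov/"):
        print(is_blocked(u, BLOCKLIST), u)
```

Matching on directory prefixes keeps the legitimate pages of a university or government site reachable while the injected store is blocked. Percent-encoding and query strings are not normalized in this sketch.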