BHSEO campaigns push unregulated meds

Jul 14, 2010 06:53 GMT  ·  By

Security researchers from Web integrity monitoring company Sucuri warn that numerous websites owned by Fox Television Stations and other sister companies have been compromised. The affected sites are used in black hat search engine optimization campaigns to push pharmacy spam.

Sucuri discovered the compromised Fox websites yesterday when they appeared in an automatic scan searching for sites abused in a widespread pharmacy BHSEO attack. A partial listing of Fox affected Web properties includes community.myfoxatlanta.com, community.myfoxhouston.com, community.fox8.com, community.myfoxchicago.com, community.myfoxdc.com, fox17online.com, community.myfoxaustin.com, community.myfoxny.com, my.foxreno.com, community.myfoxla.com, community.fox4kc.com, my.foxsearchlight.com, community.myfoxorlando.com, community.foxsports.com, fox40.com and speedtv.com.

Black hat search engine optimization, or BHSEO for short, refers to a series of techniques used by attackers to poison the search results for a specific set of keywords with malicious websites. In this case, by using hundreds of legit compromised sites the attackers increase the page rank of their own fake pharmacy website.

According to Sucuri the hacked websites are used to hijack search results related to prescription drugs and enhancement pills. The main problem is that the exploit is very subtle and only appears to Google's crawlers, not regular visitors. Webmasters can check if their website is affected by this attack by searching for on Google.

Another worrying aspect is that there is no single application or security hole exploited to compromise these websites. “It has become evident that this is not an exploit only affecting a specific application, or hosting provider. It is much larger than that. We’ve seen shared hosting services, VPS’s, and dedicated servers get nailed by this annoying spam attack. WordPress, Joomla, even static sites have made an appearance on Google’s long list of [...] spamming interwebs,” David Dede, security researcher at Sucuri, said.

The number of such incidents seems to be increasing. A few days ago we reported that many Argentinian governmental websites were compromised in a similar fashion.