Conrad Longmore of Dynamoo's Blog has been monitoring the infections

May 30, 2013 12:38 GMT
University of Illinois Computer Science department devices have been compromised

Experts have found that several machines from the Department of Computer Science at the University of Illinois have been infected and are hosting malware-serving websites.

Security researcher Conrad Longmore has identified several cs.illinois.edu domains hosted on IP addresses involved in malicious campaigns.

The list of affected domains includes tarrazu.cs.uiuc.edu, croft.cs.illinois.edu, tsvi-pc.cs.uiuc.edu, mirco.cs.uiuc.edu, ytu-laptop.cs.uiuc.edu, and node3-3105.cs.uiuc.edu, but there might be others as well.

Longmore says the IP addresses and the malicious domains hosted on them are connected to a malware spam run launched by a cybercriminal group dubbed “Amerika.” Amerika appears to be a Russian group that uses fake US addresses for its WHOIS details.

The expert says he has notified the university, but they haven't replied to his notifications. Hopefully, they’ll manage to clean their computers soon.

The Amerika gang is responsible for several spam campaigns, including ones that leverage the name and reputation of Amazon, PayPal, Walmart, ADP, LinkedIn and various other high-profile companies.

Update. The University of Illinois told Longmore that a single machine from their network was compromised. The device in question has now been cleaned up.