Spammers hack PHP Websites.


Sophos has warned internet users of the importance of properly securing their websites after it has uncovered evidence that spammers are hacking into sites in their attempt to sell goods.

Spam campaigns advertising internet pharmacies peddling drugs are directing users to webpages hosted on hacked innocent websites that then automatically redirect surfers to the online store. The hacked websites are all using PHP, a scripting language used by many internet sites, which has suffered from serious security vulnerabilities in the past. Because the spam messages point to an innocent website rather than directly to the online pharmacy, there is a risk that sites unaware of the spam campaign may have their reputations tarnished. Anti-spam products often use information about the webpage pointed to by an email as an indicator of whether the message is spam or not.

The spam emails advertise an online drugs store.

"To the naked eye it looks like a regular spam message advertising Viagra and Cialis," said Sophos. "But it is actually pointing to a website that is owned by someone who is probably completely unaware that spammers have hacked into their site, and are redirecting visitors to an online pharmacy. Website owners have a duty to properly patch their sites against the latest vulnerabilities, or risk being exploited by spammers."

The HTML source code of the spam email reveals that it links to a page on a hacked website, and displays a graphic hidden on another exploited site.

"If people visit the webpage on the hacked website they will then be automatically redirected to the real destination: a site pushing drugs," continued Sophos. "Web surfers probably wouldn't even notice they are being hopped across the net. The intention of the spammers is not to confuse their potential purchasers but to try and slip past anti-spam products."

The spammers have hacked into websites which use PHP to plant redirection code that will take customers to their store. In this case the site is www.dickcheneyshotmetoo.com.

The websites running PHP that spammers are hacking into are legitimate sites that would not normally be blocked by anti-spam solutions or web filters.

www.sophos.com
COPYRIGHT 2007 A.P. Publications Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2007, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.


Article Details
Title Annotation:Security News and Products
Publication:Database and Network Journal
Date:Apr 1, 2007
Words:357