Russian Hackers Break into NOAA to Push Pills
The news section of Climate Monitoring & Diagnostics Laboratory of NOAA has been flooded with around seventy spam pages peddling Soma, a muscle relaxer given only on prescription. The Website of NOAA has some unwanted Russian nesters residing in its directory. All the pages appear to have been posted on the Website on March 3, 2007.
Thor Schrock first took notice of the links to the .gov site and being spammed on the forum of his customer support wrote a blog about how he found out the Russians had intruded the government site.
He wrote that he got a spam post on his customer support forum, which he normally would've deleted and forgot. But he noticed a different one. It was the usual pill-peddling post with many other links. But these given links were directed to a .gov site, a very unusual event. It seems that either some authorized agent from NOAA or a professional hacker has intruded the site and exploited that to load over 70 pages on the prescription-only drug Soma.
All the pages are interconnected to prop up each other and gain the profits that a .gov backlink gives to those attempting to surface on the top of search results in search engines like Google.
The spammed pages are also filled with pay-per-click advertisements. The ads seem to have been written in Russian text.
The webmasters at NOAA should also take care of how the Apache web server sends back the information to the user of a directory page. Firstly, a page of this kind should not be visible, or accessible to people; it is an easy configuration modification in Apache to prevent net visitors from seeing a page from the directory.
Secondly, the web server also relays some information about itself, like the server edition and the OS (operating system) underneath it, back to the viewer.
The whole Climate Monitoring & Diagnostics Laboratory segment of the National Oceanic and Atmospheric Administration Website has been disconnected from the net. A spokesperson from NOAA stated that the agency is helping the Federal Bureau of Investigation (FBI) in a probe into the infringement.
Related article: Russian Spammer Uses UK To Host His Scam Site
» SPAMfighter News - 3/20/2007
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!