UK academic institutions have unwittingly become the accomplices of criminals selling fake drugs online.
A security firm has discovered many organisations using the .ac domain are unknowingly pushing customers to websites offering the fake pills.
The scam exploits software flaws to piggyback on the computing resources of the colleges and universities.
Researchers at security company Imperva believe "thousands" of organisations may have fallen victim.
"It's a pretty successful campaign," said Amichai Shulman, of the firm, which uncovered the targeted attack.
Drug search
Imperva has found that many higher education institutions that use the .ac.uk domain are unknowingly helping customers get through to the spammers' sites.
In most cases, said Mr Shulman, the spammers have exploited vulnerabilities in a widely used technology called PHP. Many organisations use this technology to make websites more interactive.
"They used these vulnerabilities to inject PHP code into the site," said Mr Shulman.
The injected code included search terms associated with drugs such as Viagra, Cialis and many others. Also included was code that spotted when a visitor arrived at a compromised site from Google.
When combined, the code meant that when a person searched for the drugs online, the universities' and colleges' web addresses would pop up in the top results. Anyone clicking on the link would then be redirected to a fake pharmacy peddling counterfeit pills.
At all other times a visitor would get through to the proper site. Typing in a web address would also lead straight to the real site.
"It's difficult to detect sometimes if you just type the link in your browser you get the original content," said Mr Shulman.
The criminals use the technique of piggybacking on legitimate sites to ensure that their websites show up in search engine results.
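The behaviour described above (the proper site for direct visitors, a redirect for visitors arriving from Google) can be checked from the defender's side by requesting the same page with and without a search-engine Referer and comparing the two responses. The Python below is an added example, not code from the article or from Imperva; the `fetch` interface, the host names and the two sample sites are constructed for illustration.

```python
from urllib.parse import urlparse

DRUG_TERMS = ("viagra", "cialis")  # drug names mentioned in the article
SEARCH_REFERER = "https://www.google.com/search?q=test"

def offsite_redirect(site_host, status, headers):
    """Return the redirect target host if the response redirects off-site, else None."""
    if not 300 <= status < 400:
        return None
    target = urlparse(headers.get("Location", "")).hostname
    if target and target != site_host and not target.endswith("." + site_host):
        return target
    return None

def check_cloaking(url, fetch):
    """Compare a direct visit with a search-referred visit to the same URL.

    fetch(url, referer) -> (status, headers, body) is supplied by the caller
    (assumed interface; wrap whichever HTTP client you use).
    """
    host = urlparse(url).hostname
    d_status, d_headers, d_body = fetch(url, None)
    s_status, s_headers, s_body = fetch(url, SEARCH_REFERER)
    findings = []
    target = offsite_redirect(host, s_status, s_headers)
    if target and target != offsite_redirect(host, d_status, d_headers):
        findings.append(f"redirect to {target} only when referred by a search engine")
    extra = [t for t in DRUG_TERMS if t in s_body.lower() and t not in d_body.lower()]
    if extra:
        findings.append("drug terms only in search-referred response: " + ", ".join(extra))
    return findings

# Constructed stand-ins for a web server, so the check runs offline.
def compromised_site(url, referer):
    if referer and "google." in urlparse(referer).hostname:
        return 302, {"Location": "http://pills.example/buy"}, ""
    return 200, {}, "<h1>College prospectus</h1>"

def clean_site(url, referer):
    return 200, {}, "<h1>College prospectus</h1>"

if __name__ == "__main__":
    for name, site in (("compromised", compromised_site), ("clean", clean_site)):
        print(name, check_cloaking("http://college.example.ac.uk/courses", site))
```

An empty list means both visits were treated alike; any finding means the page answers search-referred visitors differently and the server-side code for that page should be reviewed.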
Mr Shulman said the speed with which sites were being put up and taken down made it hard to get an exact figure for how many sites had been hit. However, he estimated that "thousands" of sites, including many universities and colleges, had been caught out by the drug spammers.
Ravensbourne College of Design and Communication in Kent was one school that fell victim.
"We immediately took action to temporarily close down and remove the compromised area while we resolved the issue," said a spokeswoman for the college in a statement.
"Once we discovered the issue we were able to rectify it quickly, and we believe our site is now secure," she said.
"Some issues - such as the change to the search result text - may still appear on search results while we wait for the search engines to re-crawl the website."