May 09, 2011, 6:43 PM — Scammers looking to flog cheap software have hacked Web pages on high-profile websites, including those belonging to NASA and Stanford University.
NASA, just a week away from its penultimate space shuttle launch, has now removed dozens of Web pages that popped up on its Jet Propulsion Laboratory website. They were used to flog low-cost versions of Adobe's Creative Suite and other products, according to cached versions of the pages, still viewable on Google.
The scammers loaded up the Web pages with nonsense text (a sample: "Edit buy adobe premiere pro cs4 some callouts and balloons to make this time it took you and saved you a long time") and links to many other hacked pages.
Affected sites included those for NASA, Stanford University, Syracuse University and Northeastern University. NASA had cleaned up its site Monday, but others, including Stanford, had not. Visitors to those sites could encounter the hacked pages even if they weren't looking for cheap software.
Jane Platt, a spokeswoman for NASA's Jet Propulsion Laboratory, said the NASA site was safe to visit, but she declined to comment on the hacking incident because NASA's policy "is not to discuss security matters."
Some of the sites seem to have been hacked so that they pop up in the top results when Web surfers are looking for cheap Adobe software.
It looks like the scammers are trying to make money by generating Web traffic for online retailers, said Mary Landesman, a security researcher with Cisco's ScanSafe group. On some of the sites, visitors who arrive following a Google search are automatically redirected to online retailers.
Google awards a higher ranking to Web pages hosted on trusted, high-profile websites, so by hacking NASA and Stanford's pages, the scammers can generate more traffic for their clients and earn themselves more money in referral fees, she said. "Someone searching for cheap Adobe products is more likely to get those results," she said.
This type of search engine poisoning has been around for years. Hackers often use a Web hacking technique called SQL injection to break into websites, but they can also do this by stealing or guessing passwords.
With NASA set to launch the Space Shuttle Endeavor next week, a lot of people are visiting the space agency's website -- something that makes it only more valuable to hackers, according to Chester Wisniewski, a security researcher with Sophos. Although none of the sites examined Monday contained malicious software, that could easily have been the case, Wisniewski said. "If they were to get malicious code inserted into those pages, it could hurt a lot of people," he said.
Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com
