Sophos is warning internet users of the importance of properly securing their websites after it uncovered evidence that spammers are hacking into legitimate sites in their attempt to sell goods.
Spam campaigns advertising drug-peddling internet pharmacies are directing users to webpages planted on hacked but otherwise innocent websites. These pages then automatically redirect visitors to the fake online store. The common factor among the hacked websites is that they all run PHP, a scripting language used by many internet sites which has suffered from serious security vulnerabilities in the past; which flaw was used to break in is not stated.
“To the naked eye it looks like a bog-standard spam message advertising medications,” said Graham Cluley, senior technology consultant for Sophos. “But it is actually pointing to a website that is owned by someone who is probably completely unaware that spammers have hacked into their site, and are using it to redirect visitors to an online pharmacy. Website owners have a duty to properly patch their sites against the latest vulnerabilities, or face being exploited by spammers. What’s more, since the web address is genuine, it’s possible more people will be tricked into clicking on the link, giving the spammers more incentive to keep plugging their pills.”
Because the spam messages link to an innocent website rather than directly to the online pharmacy, site owners unaware of the campaign risk having their reputations tarnished. Furthermore, most anti-spam products use the reputation of the webpage a message links to as an indicator of whether it is spam, so emails pointing at these hacked legitimate sites would not normally be detected as spam or blocked by web filters. A filter that scores only the URL written in the message, without following where that page sends the visitor, sees a clean domain and nothing else.
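The weakness described above is in filters that judge a link by the domain in the message alone. The following is an added example, not code from Sophos or from the original article, showing the check a filter would need instead: follow the redirect chain behind a URL (HTTP Location headers, meta refresh tags and simple JavaScript location assignments) and flag the link when the final destination lands on a different registrable domain from the one the message named. The site map, hostnames and page contents are constructed for the example, so it runs offline; the two-label "registrable domain" rule is a deliberate simplification (production code should consult the Public Suffix List).

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed, offline stand-in for the web: url -> (status, headers, body).
# The hostnames are invented for this example; nothing is fetched over the network.
FAKE_WEB = {
    # The planted page on the hacked site: blank to the eye, but carries a meta refresh.
    "http://www.example-bakery.com/images/promo.php": (
        200,
        {"Content-Type": "text/html"},
        '<html><head><meta http-equiv="refresh" content="0;url=http://pills-example.test/?aff=1">'
        "</head><body></body></html>",
    ),
    # The spammers' own hop: an ordinary HTTP redirect to the store front.
    "http://pills-example.test/?aff=1": (
        302,
        {"Location": "http://shop.pills-example.test/"},
        "",
    ),
    "http://shop.pills-example.test/": (
        200,
        {"Content-Type": "text/html"},
        "<html><body>Online pharmacy</body></html>",
    ),
    # A genuine page on the same innocent site, for comparison.
    "http://www.example-bakery.com/about.html": (
        200,
        {"Content-Type": "text/html"},
        "<html><body>Welcome to our bakery</body></html>",
    ),
}

# <meta http-equiv="refresh" content="0;url=...">
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv\s*=\s*["\']?refresh["\']?[^>]*content\s*=\s*["\']([^"\']*)["\']',
    re.IGNORECASE,
)
# window.location = "..." / location.href = "..." and similar assignments.
JS_REDIRECT = re.compile(
    r'(?:window\.|document\.|top\.)?location(?:\.href)?\s*=\s*["\']([^"\']+)["\']',
    re.IGNORECASE,
)


def next_hop(url, status, headers, body):
    """Return the absolute URL this response forwards the visitor to, or None."""
    if 300 <= status < 400 and "Location" in headers:
        return urljoin(url, headers["Location"])
    m = META_REFRESH.search(body)
    if m:
        # content looks like "0;url=http://..."; the url= prefix is optional in practice.
        parts = m.group(1).split(";", 1)
        if len(parts) == 2:
            target = parts[1].strip()
            if target.lower().startswith("url="):
                target = target[4:].strip().strip("'\"")
            return urljoin(url, target)
    m = JS_REDIRECT.search(body)
    if m:
        return urljoin(url, m.group(1))
    return None


def follow_chain(url, fetch, max_hops=5):
    """Walk redirects from url; fetch(url) -> (status, headers, body) or None."""
    chain = [url]
    for _ in range(max_hops):  # bounded so a redirect loop cannot hang the filter
        resp = fetch(url)
        if resp is None:
            break
        status, headers, body = resp
        nxt = next_hop(url, status, headers, body)
        if nxt is None or nxt in chain:
            break
        chain.append(nxt)
        url = nxt
    return chain


def registrable_domain(url):
    # Simplification for the example: last two host labels. Use the Public Suffix List for real.
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])


def classify_link(url, fetch=FAKE_WEB.get):
    """Flag a link whose redirect chain ends on a different registrable domain."""
    chain = follow_chain(url, fetch)
    origin = registrable_domain(chain[0])
    final = registrable_domain(chain[-1])
    return {"chain": chain, "final_domain": final, "suspicious": final != origin}


if __name__ == "__main__":
    for link in ("http://www.example-bakery.com/images/promo.php",
                 "http://www.example-bakery.com/about.html"):
        print(link, "->", classify_link(link))
```

Scoring the final domain instead of the first one is what defeats the trick: the innocent domain still appears in the message, but the verdict is driven by where the visitor actually ends up. Swapping `fetch` for a real HTTP client (with a timeout and a hop limit kept) turns the same logic into a live check.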
“Web surfers probably wouldn’t even notice they are being hopped across the net – the intention of the spammers is not to confuse their potential purchasers but to try and slip past anti-spam filters,” continued Cluley. “Normally a ‘joe job’ is a spam campaign forged to appear as though it came from an innocent party, with the intention of incriminating or pinning blame onto them. In this case, spammers are ‘joe jobbing’ innocent websites by having their spam point, however briefly, to hacked webpages which then redirect to the spammers’ preferred destination.”