Legitimate websites are often compromised and used as a stepping stone through which users are taken to a malicious site.
The latest scheme of this kind has seen a string of websites belonging to UK universities and colleges become the unsuspecting victims of a malicious injection of PHP code, through which fake drug peddlers made them pop up in Google searches when drug-related search terms were entered.
According to BBC News, when users clicked on the link, they would automatically be redirected to the site selling counterfeit drugs. The injected PHP code also contained code that would recognize whether a user was coming from Google, making this scheme less visible to the legitimate owners of the sites: if a user manually enters the URL of the institution or follows any other link to the site, they will arrive on the legitimate site.
Security company Imperva discovered the scheme and alerted the institutions whose sites were compromised. Some of them, like the Kent-based Ravensbourne College of Design and Communication, have already cleaned their site of the malicious code, but will stop popping up in those searches only after search engines re-crawl the site.
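Because the redirect described above only fires for visitors arriving from Google, a site owner can check for it by requesting the same page with and without a search-engine referrer and comparing the responses. The following is an added example, not code from Imperva or the affected institutions; the host names, the referrer string and the two `fake_*` responders are constructed so the check runs offline.

```python
import http.client
from urllib.parse import urlparse, urljoin

# Constructed referrer value imitating a click on a search result.
SEARCH_REFERER = "https://www.google.com/search?q=constructed+query"

def http_fetch(url, referer=None):
    """GET url once without following redirects; return (status, headers, body)."""
    u = urlparse(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.netloc, timeout=10)
    path = (u.path or "/") + ("?" + u.query if u.query else "")
    conn.request("GET", path, headers={"Referer": referer} if referer else {})
    resp = conn.getresponse()
    result = (resp.status, dict(resp.getheaders()), resp.read())
    conn.close()
    return result

def offsite_redirect(url, response):
    """Return the redirect target if the response points at a different host."""
    status, headers, _ = response
    location = {k.lower(): v for k, v in headers.items()}.get("location")
    if status not in (301, 302, 303, 307, 308) or not location:
        return None
    target = urljoin(url, location)
    same_host = urlparse(target).hostname == urlparse(url).hostname
    return None if same_host else target

def check_referrer_cloaking(url, fetch=http_fetch):
    """Compare a direct visit with a search-referred one and list differences."""
    direct, referred = fetch(url), fetch(url, SEARCH_REFERER)
    findings = []
    target = offsite_redirect(url, referred)
    if target and offsite_redirect(url, direct) != target:
        findings.append(f"redirect to {target} only with search referrer")
    elif direct[0] == referred[0] and direct[2] != referred[2]:
        # Weaker signal: dynamic pages can differ between requests for benign reasons.
        findings.append("page body changes with search referrer")
    return findings

# Constructed stand-ins for a compromised and a clean site (no network needed).
def fake_compromised(url, referer=None):
    if referer and "google." in referer:
        return (302, {"Location": "http://pills.example/"}, b"")
    return (200, {"Content-Type": "text/html"}, b"<h1>College</h1>")

def fake_clean(url, referer=None):
    return (200, {"Content-Type": "text/html"}, b"<h1>College</h1>")
```

Calling `check_referrer_cloaking(url)` with the default `http_fetch` runs the same comparison against a live site you administer.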