Lean.mit.edu hacked and serving spam

Interested in Viagra, Cialis and some other “magical” medications? It seems that the MIT web site for the Lean Advancement Initiative (http://lean.mit.edu/) knows a bit about it:


Joking aside, they got hacked and are being used to serve a lot of SPAM. In fact, we were fixing a web site that had a lot of links to it:

original viagra bestellen 
original viagra rezeptfrei
viagra droga generica
..
viagra verpackung
cialis filmtabletten
viagra kaufen test
viagra original preis
günstig viagra

The script is also a bit clever: if you visit it without any argument, it returns a 404 (try http://lean.mit.edu/blind/products/lesat/lesat.php).
If you visit it with an argument, it shows the spam (try http://lean.mit.edu/blind/products/lesat/lesat.php?pills=bestellen-viagra).

The code being used is probably very similar to this one: http://blog.sucuri.net/2010/05/it-is-not-over-seo-spam-on-sites.html
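
A log check for the behaviour described above (404 without an argument, spam with one), as an added example that is not part of the original post: it scans access log lines for scripts that return 404 to a bare request but 200 to a request whose query string contains a spam term. The log lines, function name and keyword list are constructed for illustration; the path and query string are the ones quoted in the post.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Terms taken from the spam link texts listed in the post.
SPAM_TERMS = ("viagra", "cialis")

# Request and status fields of a common/combined-format access log line.
LOG_RE = re.compile(r'"(?:GET|HEAD|POST) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample log (documentation-range client addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2010:10:00:01 +0000] "GET /blind/products/lesat/lesat.php HTTP/1.1" 404 312 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jun/2010:10:00:05 +0000] "GET /blind/products/lesat/lesat.php?pills=bestellen-viagra HTTP/1.1" 200 18233 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jun/2010:10:01:00 +0000] "GET /index.php?page=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [01/Jun/2010:10:02:00 +0000] "GET /old/missing.php HTTP/1.1" 404 312 "-" "Mozilla/5.0"',
]

def find_cloaked_scripts(log_lines):
    """Return {path: sorted spam query strings} for scripts that answer 404
    to a bare request but 200 to a request carrying a spam query string."""
    bare_404 = set()
    with_query_200 = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not a request line this pattern understands
        url = urlsplit(m.group("target"))
        status = int(m.group("status"))
        if not url.query and status == 404:
            bare_404.add(url.path)
        elif url.query and status == 200:
            with_query_200[url.path].add(url.query)
    findings = {}
    # Only paths showing both halves of the pattern are candidates.
    for path in sorted(bare_404.intersection(with_query_200)):
        hits = sorted(q for q in with_query_200[path]
                      if any(term in q.lower() for term in SPAM_TERMS))
        if hits:
            findings[path] = hits
    return findings

if __name__ == "__main__":
    for path, queries in find_cloaked_scripts(SAMPLE_LOG).items():
        print(path, queries)
```

A path that only ever returns 404, or only ever returns 200 with a query string, is not reported; both halves of the pattern must appear in the log.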

If you know anyone at the MIT, let them know about it.

As always, if you are having difficulties getting your site cleaned up, send us an email at contact@sucuri.net or visit our site: http://sucuri.net. We can get your sites cleaned up right away.

Also, consider checking out our site security monitoring. We will monitor your sites 24×7 and alert you if they ever get infected with malware, hacked or blacklisted.

About David Dede

Sucuri Security bot (crazy work) - Malware research updates, sucuri news and more.

  • Anonymous

    The All Great MIT got hacked and no one noticed?

    Let me guess they were cavorting for the Vanity Fair shutterbugs all weekend in the Hamptons.

  • http://www.blogger.com/profile/06502783142939832051 Anapologetos

    "If you know anyone at the MIT, let them know about it."

    As a member of the security field, and the finder of the abuse, why are you not taking the initiative and reporting it to them? (http://ist.mit.edu/security/report)

  • http://www.blogger.com/profile/14980808976404159238 http://sucuri.net

    Anapologetos: Maybe we already did and got no reply? :)

  • Anonymous

    Is this nightmare over yet?

  • Anonymous

    We have contacted the owners of the server to remediate the issues. The nightmare will be over soon.
