UFSC.br – Brazilian University hosting SEO SPAM

UFSC.br (Brazilian Federal university in Santa Catarina), one of the biggest universities in Brazil, is hosting SEO SPAM on almost all their departamental web sites:

http://www.sead.ufsc.br – Department for distant education
http://cco.inf.ufsc.br/ – Computer science department (using WordPress 2.2)
http://www.lec.ufsc.br/ – Engineering department
http://emc.ufsc.br – Mechanical engineering department
http://www.ndi.ufsc.br/ – Department for child development
http://www.bu.ufsc.br/ – Library department
www.dssmovimentossociais.ufsc.br
http://www.infosam.ufsc.br/

And I could go on and on with this list. Most of them are using old versions of WordPress and Joomla, explaining how they got hacked.

We found it out while analyzing another hacked site that had hundreds of links to sead.ufsc.br:

<a href=”http://www.sead.ufsc.br/capas_fim2409/115/Drug-Free-Viagra.html”
title=”Drug Free Viagra”>Drug Free Viagra
..
<a href=”http://www.sead.ufsc.br/capas_fim2409/115/Affordable-Cheap-Propecia.html”
title=”Affordable Cheap Propecia”>Affordable Cheap Propecia

We searched a little more and saw many references to cco.inf.ufsc.br, which had spam similar to what we disclosed in this article. The shame is that they are still using WordPress 2.2… This is the output of our scanner against it:

http://sucuri.net/?page=saved-scan&scan=a27e24d491b07d461abc74f0dcec1e7f-saved

To search for more sites, use those Google queries:

“buy viagra” inurl:ufsc.br
“movie download” inurl:ufsc.br

As always, we tried to contact them and got no replies… If you know anyone working there, let them know about it.

If your site is hacked (or contains malware), and you need help, send us an email at support@sucuri.net or visit our site: Sucuri Security. We can get your sites clean up right away.

Also, consider checking out our site security monitoring. We will monitor your sites 24×7 and alert you if it ever gets infected with malware, hacked or blacklisted.

4 comments
  1. For the really big universities in Brazil, you can contact the CERT of the high-speed academic network (RNP.BR) if you cannot find the CERT of that particular university. Email a full incident description to: cais@cais.rnp.br. I suppose CERT.BR can also forward the warnings to someone.

  2. Hello! I'm from Florianópolis (city where ufsc is located) and I sent an e-mail to admins, two weeks ago I reported a SQL injection issue (answered 6 days ago).. ty guys!

Comments are closed.

You May Also Like