UFSC.br – Brazilian University hosting SEO SPAM

UFSC.br (Brazilian Federal university in Santa Catarina), one of the biggest universities in Brazil, is hosting SEO SPAM on almost all their departamental web sites:

http://www.sead.ufsc.br – Department for distant education
http://cco.inf.ufsc.br/ – Computer science department (using WordPress 2.2)
http://www.lec.ufsc.br/ – Engineering department
http://emc.ufsc.br – Mechanical engineering department
http://www.ndi.ufsc.br/ – Department for child development
http://www.bu.ufsc.br/ – Library department


And I could go on and on with this list. Most of them are using old versions of WordPress and Joomla, explaining how they got hacked.

We found it out while analyzing another hacked site that had hundreds of links to sead.ufsc.br:

<a href=”http://www.sead.ufsc.br/capas_fim2409/115/Drug-Free-Viagra.html”
title=”Drug Free Viagra”>Drug Free Viagra
<a href=”http://www.sead.ufsc.br/capas_fim2409/115/Affordable-Cheap-Propecia.html”
title=”Affordable Cheap Propecia”>Affordable Cheap Propecia

We searched a little more and saw many references to cco.inf.ufsc.br, which had spam similar to what we disclosed in this article. The shame is that they are still using WordPress 2.2… This is the output of our scanner against it:


To search for more sites, use those Google queries:

“buy viagra” inurl:ufsc.br
“movie download” inurl:ufsc.br

As always, we tried to contact them and got no replies… If you know anyone working there, let them know about it.

If your site is hacked (or contains malware), and you need help, send us an email at support@sucuri.net or visit our site: Sucuri Security. We can get your sites clean up right away.

Also, consider checking out our site security monitoring. We will monitor your sites 24×7 and alert you if it ever gets infected with malware, hacked or blacklisted.

Scan your website for free:
About David Dede

David Dede is a Security Researcher in the SucuriLabs group. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.