TheWebbyAwards hacked and compromised with Blackhat SEO

The WebbyAwards web site ( www.webbyawards.com/ ) is currently hacked and compromised with Blackhat SEO. If you try to search for it on Google you will get a warning saying that “This site may be compromised”:

And if you look at the source code of the page, you will see thousands of hidden spam links in there (about selling Windows vista, buying office, etc) pointing to gl.iit.edu:8080, www.korea.edu, www.gefassembly.org, www.ncsconline.org and car.dost.gov.ph. Yes, all “important” and high PR sites (one university, two .gov sites, etc).

<a href="http://gl.iit.edu:8080/id=8085=WHERE-CAN-I-BUY-WINDOWS-7.html’>where can i buy windows 7</a>..

<a href="http://gl.iit.edu:8080/id=1974=BUY-MICROSOFT-OFFICE-2007-FOR.html">buy microsoft office 2007 for windows</a>

<a href="http://www.korea.edu/m02/m02_06_03.php?3142=Windows-Vista-Price.php’>windows vista price at targe..

<a href="http://www.gefassembly.org/administrator/modules/mod_title/mod_title.php?id=3387=COMPRAR-OFFICE-2007.aspx’>comprar office 200..

<a href="http://car.dost.gov.ph/libraries/phpgacl/.gacl.php?5656=Windows-7-Ultimate-(64-Bit).php’>cheap upgrade to windows ..

If you also search on Google for some of these terms (like “windows vista price at targe” ), you will see webby.aol.com (webbyawards.com) in the top pages already (along with some .gov and .edu web sites).

We have no details on how it was compromised yet, but we will keep you posted (if we hear back from them). If you are a site owner, take this as a reminder to make sure that all your sites are updated, using good passwords, monitored and following the best practices.


Site hacked? Infected with malware or spam? We are here to help.

Scan your website for free:
About David Dede

David Dede is a Security Researcher in the SucuriLabs group. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.