We posted a few weeks ago that the main site for the Walmart community network was hacked. Well, the problem is a lot bigger than that.
They have web sites for different cities and most of them are hacked too. For example:
- http://arkansas.walmartcommunity.com/ (18.104.22.168) – SEO spam
- http://florida.walmartcommunity.com ( 22.214.171.124) – SEO spam (only visible to google)
- http://chicago.walmartcommunity.com ( 126.96.36.199 ) – SEO Spam
- http://chicago.walmartcommunity.com/wp-includes/8pmax/ – Fake AV (when coming from google
- http://philadelphia.walmartcommunity.com/ ( 188.8.131.52 ) – SEO Spam
And probably every one of them, since I just checked the ones from their front page. But they are all using WordPress 2.8.4, hosted a Rackspace and configured the same way.
For example, if you visit the Chicago branch from a Google search of “2008 ford 250 pick trucks” or “monster trucks at jennerstown speedway 2008”, this is where you will be redirected:
As far as the other sites, they are mostly being used by the attackers to increase their PR on google with Spam keywords. That’s the output of our scanner:
This attack is very similar to the one against lean.mit.edu (which is still hacked) and many others. What is interesting is that I am seeing sites hacked where they are using the Walmart sites as their “base” to spread malware:
Wake up Walmart! And yes, I tried to contact them and got no reply…
As always, if you are having difficulties getting your site cleanup, send us an email at firstname.lastname@example.org or visit our site: http://sucuri.net. We can get your sites clean up right away.
Also, consider checking out our site security monitoring. We will monitor your sites 24×7 and alert you if it ever gets infected with malware, hacked or blacklisted.