Lean.mit.edu hacked and serving spam

Interested in Viagra, Cialis and some other “magical” medications? It seems that the MIT web site for the Lean Advancement Initiative (http://lean.mit.edu/) knows a bit about it.

Joking aside, they got hacked and are being used to serve a lot of SPAM. In fact, we were fixing a web site that had a lot of links to it:

original viagra bestellen 
original viagra rezeptfrei
viagra droga generica
viagra verpackung
cialis filmtabletten
viagra kaufen test
viagra original preis
günstig viagra

The script is also a bit clever: if you visit it without any argument, it returns a 404 (try http://lean.mit.edu/blind/products/lesat/lesat.php).
If you visit it with an argument, it shows the spam (try http://lean.mit.edu/blind/products/lesat/lesat.php?pills=bestellen-viagra).

The code being used is probably very similar to this one: https://blog.sucuri.net/2010/05/it-is-not-over-seo-spam-on-sites.html
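
The behaviour described above (a 404 with no argument, the spam page with one) leaves a recognizable pattern in web server access logs. The following is an added example, not code from the original post or from Sucuri: the log lines are constructed, and the function name `find_cloaked_doorways` and the two-term keyword list are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2010:13:55:36 +0000] "GET /blind/products/lesat/lesat.php HTTP/1.1" 404 512
203.0.113.9 - - [10/Oct/2010:13:56:01 +0000] "GET /blind/products/lesat/lesat.php?pills=bestellen-viagra HTTP/1.1" 200 18342
203.0.113.9 - - [10/Oct/2010:13:56:09 +0000] "GET /blind/products/lesat/lesat.php?pills=cialis-filmtabletten HTTP/1.1" 200 18010
198.51.100.7 - - [10/Oct/2010:13:57:12 +0000] "GET /about.php HTTP/1.1" 200 4096
198.51.100.7 - - [10/Oct/2010:13:57:40 +0000] "GET /about.php?lang=en HTTP/1.1" 200 4101
198.51.100.8 - - [10/Oct/2010:13:58:02 +0000] "GET /missing.php?id=1 HTTP/1.1" 404 512
"""

LINE_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3}) ')
SPAM_TERMS = ("viagra", "cialis")  # assumption: terms taken from the link list in this post

def find_cloaked_doorways(log_text):
    """Map each path that answers 404 bare but 200 with a query to its spam-looking query values."""
    bare = defaultdict(set)      # path -> statuses seen with no query string
    with_qs = defaultdict(set)   # path -> statuses seen with a query string
    values = defaultdict(set)    # path -> query values containing a spam term
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that are not in the expected format
        url = urlsplit(m.group(1))
        status = int(m.group(2))
        if url.query:
            with_qs[url.path].add(status)
            if status == 200:
                for _, v in parse_qsl(url.query, keep_blank_values=True):
                    if any(t in v.lower() for t in SPAM_TERMS):
                        values[url.path].add(v)
        else:
            bare[url.path].add(status)
    return {p: sorted(values[p]) for p in bare
            if 404 in bare[p] and 200 in with_qs.get(p, ())}

if __name__ == "__main__":
    print(find_cloaked_doorways(SAMPLE_LOG))
```

A path that is flagged with an empty value list still shows the 404/200 split and is worth a manual look, since the keyword list here is deliberately short.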

If you know anyone at MIT, let them know about it.

As always, if you are having difficulties getting your site cleaned up, send us an email at contact@sucuri.net or visit our site: http://sucuri.net. We can get your sites cleaned up right away.

Also, consider checking out our site security monitoring. We will monitor your sites 24×7 and alert you if they ever get infected with malware, hacked or blacklisted.

About David Dede

David Dede is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

  • Anonymous

    The All Great MIT got hacked and no one noticed?

    Let me guess they were cavorting for the Vanity Fair shutterbugs all weekend in the Hamptons.

  • "If you know anyone at the MIT, let them know about it."

    As a member of the security field, and the finder of the abuse, why are you not taking the initiative and reporting it to them? (http://ist.mit.edu/security/report)

  • Anapologetos: Maybe we already did and got no reply? :)

  • Anonymous

    Is this nightmare over yet?

  • Anonymous

    We have contacted the owners of the server to remediate the issues. The nightmare will be over soon.

  • As I can see your fans already love your article. Though I am not much of a follower of articles but I enjoyed your article a lot. Very nicely done. Generic Viagra
