Various Fox Websites Hit With Pharma Hack

Fox Websites Exploited with Pharma HackIf you’ve been following Sucuri, you’ve seen a bunch of discussion around the steadily growing Pharma Hack. As we continue research on the issue we find more and more variations of the exploit.

Earlier this evening, we started noticing various domains from the same network of sites appearing in our test results. It looks like various pages on sites owned or operated by Fox Television Stations, Inc. and/or their affiliates have been compromised. We’ve followed up and scanned a set of these sites, and at the time this post was written, they were still serving the spam exploit.

Here is a preliminary list (not a complete listing) of the exploited sites we’ve found indexed on Google:

Performing the following query on Google will result in a list that includes these sites and more: “cheap viagra” inurl:fox

Here are a couple of the scans we performed:

MyFox Atlanta Sucuri Scan

Fox 8 Pharma Hack

It has become evident that this is not an exploit only affecting a specific application, or hosting provider. It is much larger than that. We’ve seen shared hosting services, VPS’s, and dedicated servers get nailed by this annoying spam attack. WordPress, Joomla, even static sites have made an appearance on Google’s long list of Viagra spamming interwebs.

Have you been exploited? Are you researching the issue as well? We’d like to hear your comments about the latest blackhat SEO spam exploit.

If you need any help cleaning up the mess or you need a partner to help with your security needs, Sucuri is here to assist.

Protect your interwebs!

About Tony Perez

Tony is the Co-Founder / CEO at Sucuri. His passion lies in educating and bringing awareness about online threats to business owners. His passions revolve around understanding the psychology of bad actors, the impacts and havoc hacks have on website owners, and thinking through the evolution of attacks. You can find his personal thoughts on security at PerezBox and you can follow him on Twitter at @perezbox.