Hacked .gov sites
Following up on a post at SunBelt about "Hacked .gov sites" and I have to slightly disagree with their statement:
"No, not a terrorist attack — just simple stupid hacks to redirect people to porn and other junk. Largely used for search engine optimization."
In my investigation I found that the (.gov) sites mentioned do a lot more than "redirect to porn", etc... not only are these sites hacked - most likely failure to update their server software, but once the links were planted, they then spammed quite a few Forums and ".edu" sites with links back to "dinuba.ca.gov"
hxxp://dinuba(dot)ca(dot)gov/minutes/062805CCMRDAMIN/06/free-movies.html
As you can see the link redirects several times and you end up landing on a Trojan.Codec site ... ouch!
And folks this infection is not very well detected - File VideoAccessCodecInstall.exe Result: 2/32 (6.25%)
The sad part is that the people that run these "Parked Domains" decided to get in on the act and use one of these sites listed above as a "Sponsored Result" and then run it thru Google's AdSense ...
Notice the highlighted above and the description is basically the same ... this is just two examples, there are thousands of these parked pages with the same description ... (Results 11 - 20 of about 220,000) many hosted by "sedoparking.com" and routing the links thru "pagead2.googlesyndication.com" (Google AdSense) thus generating a commission for themselves by anyone clicking the Sponsored Links ...
As many of you know "pagead2.googlesyndication.com" is an entry in the HOSTS file along with several for sedoparking.com, just because of situations like this. In my opinion "Sponsored Results" can not be trusted.
It's a shame that the people responsible for maintaining their servers don't do a better job, if they did a majority of these type attacks would never occur ...