Hackers are apparently using the .ac.uk domain to flog fake drugs according to an insecurity outfit.
Security company Imperva believe “thousands” of academic organisations may have fallen victim to the ploy.
Imperva’s Amichai Shulman told the Beeb that it was a “pretty successful campaign” with many higher education institutions that use the .ac.uk domain helping customers get through to the spammers’ sites.
The hack uses vulnerabilities in PHP which the organisations use this technology to make websites more interactive
Injected code included search terms associated with drugs such as Viagra, Cialis and many others.
The upshot is that when a person searches for drugs online, the universities and colleges web addresses would pop up in the top results. Anyone clicking on the link would then be re-directed to a fake pharmacy peddling counterfeit pills.
What was clever was that the criminals used the technique of piggy backing on legitimate sites to ensure that their websites show up in search engine results.
Shulman said that “thousands” of sites, including many universities and colleges, had been caught out by the drug spammers.