A software vulnerability at a U.S. based Web hosting provider let hackers secretly add dozens of Web pages to military, educational, financial and government sites in a bid to promote rogue online pharmacies.
For four months in 2010, a customer of Hostmonster.com, a Provo, Utah based hosting provider, exploited a bug in CPanel — a Web site administration tool used by Hostmonster and a majority of other hosting providers. The customer used the vulnerability to create nearly four dozen subdomains on a number of other Web sites at the hosting facility, said Danny Ashworth, co-founder of Bluehost.com, the parent company of Hostmonster.
The subdomains were linked to dozens of pages created to hijack the sites’ search engine rankings, and to redirect visitors to fly-by-night online stores selling prescription drugs without a prescription. Among the compromised domains were:
Omaha, Neb. financial institution Accessbank.com;
Bankler.com, the sole investigative tax accountant for the U.S. Senate Whitewater Committee;
Ejercito.mil.do, the official site of the Army of the Dominican Republic;
Sacmetrofire.ca.gov, the Sacramento Metropolitan Fire District;
Wi.edu, The Wright Institute.
Ashworth said all of the bogus subdomains were created between April 2nd 2010 and July 1st 2010. But they remained there until the company was contacted by a reporter last week.