An investigation has revealed that over 100 top US universities have been hacked and injected with SEO spam meant to boost the search engine ranking of an online gambling site.
The infections are still active on many sites, even today, and consist of just two or three words inserted into the page’s text, linking back to the online gambling portal.
Whoever did this has been very careful not to attract the attention of users and webmasters. All links inserted on these sites are disguised: the link text uses the same color as the page background, and the link’s underline is hidden.
As such, the links blend into the page’s background, but search engines will still detect them and use them to calculate a better search engine ranking for the linked site, in this case, the online gambling portal.
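A defender-side check for the hiding technique described above, as an added example that is not part of the original article: it flags external links whose text color equals the inherited background color and notes whether the underline is suppressed. It assumes the styling is inline (links hidden through stylesheet classes need a rendering engine to resolve), and the host names and sample page are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
NAMED = {"white": "#ffffff", "black": "#000000"}  # tiny sample map, extend as needed
VOID = {"br", "img", "hr", "input", "meta", "link"}  # tags that never get a closing tag

def norm(color):  # CSS color -> lowercase #rrggbb where possible
    c = color.strip().lower()
    c = NAMED.get(c, c)
    if len(c) == 4 and c.startswith("#"):
        c = "#" + "".join(ch * 2 for ch in c[1:])
    return c

def parse_style(style):  # inline style string -> {property: value}
    pairs = (d.split(":", 1) for d in style.split(";") if ":" in d)
    return {k.strip().lower(): v.strip() for k, v in pairs}

class HiddenLinkFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.stack = [("#000000", "#ffffff")]  # assumed page defaults: (text, background)
        self.findings = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        st = parse_style(a.get("style") or "")
        fg, bg = self.stack[-1]
        link_default = "#0000ee" if tag == "a" else fg  # assumed browser default link color
        fg = norm(st.get("color", link_default))
        bg = norm(st.get("background-color", bg))
        if tag not in VOID:
            self.stack.append((fg, bg))  # children inherit these values
        host = urlparse(a.get("href") or "").hostname
        if tag == "a" and host and host != self.site_host and fg == bg:
            no_underline = "none" in st.get("text-decoration", "")
            self.findings.append((a["href"], fg, no_underline))

    def handle_endtag(self, tag):
        if tag not in VOID and len(self.stack) > 1:
            self.stack.pop()

def find_hidden_links(html, site_host):
    """Return (href, color, underline_hidden) for each invisible external link."""
    finder = HiddenLinkFinder(site_host)
    finder.feed(html)
    return finder.findings

# Constructed sample page; all hosts are placeholders.
SAMPLE = """<div style="background-color:#FFF"><p>Campus news and
<a href="https://gambling.example/slots" style="color:#ffffff;text-decoration:none">real money slots</a>
events. <a href="https://partner.example/">Partner</a></p></div>"""
```

Run `find_hidden_links(page_html, "www.university.example")` over crawled copies of your own pages; any hit is an outbound link a visitor cannot see and deserves a manual look at the page source and the CMS revision history.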
Israeli SEO firm eTraffic says it discovered the hacked sites after it investigated the mysterious appearance of a new online gambling service that managed to skyrocket to the first page of some Google search results for highly valuable keywords (search terms), such as “real money slots” or “slots.”
Their investigation revealed that countless .edu and .gov websites were linking back to this new website, which is extremely peculiar since government and educational portals almost never link back to gambling sites.
“Backlinks from TLD sites of .edu and .gov are highly coveted and possibly the most valued search engine optimization resource,” eTraffic’s Assaf Dudai explains. “Some of this [competitor gambling] site’s links were coming from the most prestigious universities in the States, even one Ivy League – Stanford.”
At this point, it was obvious to eTraffic, from the way the links were disguised, that someone had compromised these websites and inserted the URLs without the owners’ knowledge.
A few of the compromised sites that Softpedia tested were all running on the WordPress CMS, one of today’s most popular website hosting toolkits, but also one of the most hacked web platforms.
There have been multiple cases in the past in which crooks took over WordPress sites, added them to a botnet, and posed as SEO boosting companies.