In January, I talked about high-profile websites, which had been hacked to redirect users to fake online stores. One unique aspect of the hack was the fact that the attackers had set up additional web servers on non-standard ports. Most of the domains I listed in the post were cleaned up pretty quickly.
Three months later, there are still a number of hijacked sites redirecting to the same fake stores. One day recently, I found 68 hijacked domains, mostly college and government sites, including:
Berkeley: cshe.berkeley.edu
Harvard: research4.dfci.harvard.edu
Purdue University: web.ics.purdue.edu
Oklahoma State University: osu.okstate.edu
Australian Government: brokenhill.ses.nsw.gov.au
Read more on The Security Blog.