You read right. Several U.S. military and government website subdomains (.gov) are suffering persistent blackhat redirects to porn videos and spammy Viagra ads.
Why is this happening and how can these fishy practices harm your business?
Let’s find out.
Why Are Military and Government Sites Full of Porn Ads?
Zach Edwards (security researcher) helped Motherboard’s Vice to report the findings:
Many government websites are hosting these spammy ads for the simple reason that most government agencies use the same now-patched “Laserfiche” software. Before its update, it allowed third parties to push files to a site without the site owner’s permission.
Laserfiche is a content management system sold to the Army, FBI, Navy, and many more.
The offending uploads and specific error messages were first found on an Idaho.gov domain. Then, other ads for alleged Xbox gift card generators and in-game Roblox currency were also found with the help of Google search.
To be honest, blackhat SEO campaigns like these aren’t new. Both troll redirects and scareware have been present since the dawn of the internet. They usually disappear quickly, after visitors report them. But these are sophisticated and don’t disappear so easily.
The real problem is that, in the eyes of blackhat SEO operators, pharma and government subdomains (like the 50 impacted this time) are extremely valuable. The benefit (high domain authority and organic traffic) entices anyone who runs shady businesses like these.
Big sites affected included Senator Jon Tester’s site and one belonging to the Minnesota National Guard. While the latter has been taken down, you can still read the original post on the web archive by clicking on the link. Both were pushing Viagra products.
Above, you can see a screenshot showing .gov websites in the search results for the keyword “buy generic and brand Viagra”.
Can Porn Ads Be Removed Entirely From Military and Government Sites?
As mentioned, Laserfiche has released various security updates to reduce the window of time where an uploaded file can be shared (down to five minutes). These patches are available for versions of the software released in the last five years.
Laserfiche also released a cleanup tool for Laserfiche Forms public portals to help affected customers scrub their portals clean.
There are mitigations available as well for users who can’t immediately install updates on externally accessible Laserfiche Forms servers. As the company said in its update:
“The Laserfiche Forms 10.x security updates modify the default behavior of public forms to no longer provide a download link.”
Now, let’s pause for a second.
If this happens to military and government sites, then it can also happen to you and your business. How do you keep intruders out of your infrastructure?
The experts at MyITGuy recommend you audit your network, systems, and/or devices.
Vulnerability management is intended for those who have cybersecurity or IT staff or departments to support them.