Websites for several prestigious universities are serving explicit pornographic content and malicious software after scammers exploited a record-keeping error by site administrators, a researcher found. The affected sites include berkeley.edu, columbia.edu, and washu.edu, with hundreds of subdomains compromised.
The issue stems from a clerical error in which subdomain records are not removed when they are decommissioned, allowing scammers to hijack the old record and redirect visitors to malicious or explicit content. This has resulted in thousands of hijacked pages being listed by Google search results.
One of the affected universities is the University of California, Berkeley, whose subdomain was used to redirect visitors to a scam site falsely claiming their computer was infected with malware and demanding payment for removal.
The researcher, Alex Shakhov, said that the scammers are linked to a known group tracked as Hazy Hawk and are exploiting the good name of universities to spread malicious content. The issue highlights the importance of proper record-keeping and security measures to prevent such attacks.