Website for University of North Carolina, The Beasley Center, Hacked for Online Pharmacy Store - Part 2
TOKYO (MacHouse) - As we reported earlier, the website for the University of North Carolina, Beasley Center, has been hacked to forward Internet users to a junk online pharmacy website at fastcanadianpharmacy.com. Looking under the directory of pharmacy at Beasley Center’s website, there are 21 subdirectories. (See Screenshot 02.) If you double-click on any of them, you will be forwarded to a junk online pharmacy website at fastcanadianpharmacy.com. (See Screenshot 03.)
 Screenshot 01 - Source: The Beasley Center |
 Screenshot 02 - Source: The Beasley Center |
 Screenshot 03 - Source: fastcanadianpharmacy.com |
So how did we find this exploitation? A cyber criminal circulated at least one spam comment several hours ago to advertise the redirection subdirectories at Beasley Center’s website. (See Screenshot 04.)
 Screenshot 04 - Source: MacHouse |
If you are planning to purchase your medication at this junk online pharmacy store, don’t. There are several serious warnings that should tell you not to.
- No legitimate business owner advertises its website by circulating spam posts.
- The website uses fake certificates.
- The domain is registered through a Chinese registrar to host an English website, which is not a good sign.
- Many illegitimate online pharmacy websites sell counterfeit drugs manufactured in China.
Screenshot 05 shows shows the domain registration of fastcanadianpharmacy.com. This domain was registered through Hichina Zhicheng Technology, Ltd. on April 27, 2007. Registrant’s name is shown as Anton Nikiforov, which sounds like a Russian name. Nonetheless, his address is in China. That indicates that the registrant took too much viagra and became delirious at the time of registering this domain.
 Screenshot 05 - Source: Domain Tools |
 Screenshot 06 - Source: netdirekt.de |
Let’s see who harbors this junk online pharmacy store. The IP address of the web server hosting this website is traced to 89.149.228.102. This IP address belongs to a notorious German hosting company called netdirekt (netdirekt.de). (Screenshot 06 shows netdirekt’s wesite.) We have mentioned this web hosting company’s name so many times this year alone. netdirekt harbors many phishing websites. They also specialize themselves in hosting fake PornTube websites.
 Screenshot 07 - Source: fastcanadianpharmacy.com |
 Screenshot 08 - Source: fastcanadianpharmacy.com |
If you proceed to check out at the pharmacy website hosted at fastcanadianpharmacy.com, you will find four certificate labels. (See Screenshot 07.) One of them is VeriSign Secured. (See Screenshot 07-8) That’s kind of odd. If the website uses VeriSign’s security protocol, how come it doesn’t use https?
Click on the button to watch a documentation video. 
Click on the button to watch more documentation videos.
References:
********** ********** ********** ********** ********** ********** ********** **********
MacHouse is not funded by tax payers' money. We have limited resources. We also need time to sleep and eat just as others. So we will not act as the International police to contact all victims of website abuse. All you have to do is to subscribe to spam messages and spam posts. If we can, why don't you?
July 22nd, 2009 at 6:18 am
You mean to say the are not worthy? i mean the host
Regards