Joe Biden is Out of the Race - Hacked WordPress Blog Lives On

January 9th, 2008

I posted last December that Joe Biden's WordPress blog had been hacked. Now he has withdrawn from the 2008 US Presidential race, but his hacked blog lives on: 

<div id="goro"><a href="http://www.sloog.org/?page=27" title="Hydrocodone">Hydrocodone</a>
<a href="http://www.sloog.org/?page=26" title="Glucophage">Glucophage</a>
<a href="http://www.sloog.org/?page=20156" title="Glucophage">Glucophage</a>
<a href="http://www.sloog.org/?page=10" title="Carisoprodol">Carisoprodol</a>
[...snipped...]
<a href="http://www.sloog.org/?page=21854" title="Zithromax">Zithromax</a>
<a href="http://www.sloog.org/?page=56" title="Zocor">Zocor</a>
<a href="http://www.sloog.org/?page=21865" title="Zocor">Zocor</a>
</div><script type="text/javascript"><!--
function getme(str){ var idx = str.indexOf('?'); if (idx == -1) return str; var len = str.length; var new_str = ''; var i = 1; for (++idx; idx < len; idx += 2,i++){ var ch = parseInt(str.substr(idx, 2), 16); new_str += String.fromCharCode((ch + i) % 256); } eval(new_str); }
getme('http://pagead2.googlesyndication.com/pagead/show_ads.js?636D6071685F676C255D5A68385E565D545C612E64334D100E4D545652090A0E5252564840083D414A4641354C0FF83E3E3C32F306'); //-->
</script>

It looks like sloog.org was hit by SEO spammers as well:

Thumbnail: Google Results - site:sloog.+inurl:page

Generalizing that Google query yields plenty of results for other SEO spam hacked sites:

Thumbnail: Google Results - inurl:(page|page_id|cat) +intext:buy.glucophage intext:powered.by.wordpress

And possibly even more sites:

Thumbnail: Google Results -inurl:(page|page_id|cat) +intext:buy.glucophage +intext:buy.hydrocodone intext:powered.by.wordpress

Simply stunning. These are definitely not targeted attacks.

Posted by gfleischer on 2008/01/09 at 15:27 in 0wned
Home
Subscribe
RSS 2.0
Quick Links
Content
Info
Categories
Archives
Sitemap
Valid XHTML 1.0 Transitional Valid CSS!