What is Pharma Hack Spam?

Have you ever seen a website advertising products that seem unrelated to the apparent purpose of the site? Often, this suspicious content is promising pharmacy drugs, available quickly and without a prescription. That’s a classic example of a pharma hack.

It’s very important to understand what a pharma hack is and how to stop it from damaging that online property you worked so hard to create and maintain. Let’s get started with a look at this common type of malware.

What is a pharma hack?

The term pharma hack refers to a type of SEO spam, which is the most common type of malicious content we find on infected websites. In fact, last year we uncovered SEO spam in 62% of the websites we cleaned. With SEO spam, bad actors will usually first compromise a website and use the unauthorized access to add spammy content, which comes in numerous forms.

And that’s where we see the pharma hack. Due to the high volume of searches related to pharmaceuticals, it’s common to see bad actors using prescription drugs as keywords and links in their SEO spam. While some of these are unlicensed pharmacies that will actually deliver the meds, often it’s just a ripoff.

But why go through the trouble of hijacking an innocent website in order to implement a pharma hack? It might seem easier for bad actors to simply create their own.

Well, search providers like Google avoid ranking sites that seem shady, so a fly-by-night pharmacy wouldn’t have much success. However, by piggybacking off legit websites, hackers are able to exploit those sites’ good standing in the eyes of a search engine.

Examples of a pharma hack

Unfortunately, it’s not that hard to find examples of a pharma hack. Terms related to male-enhancement drugs are common with pharma hacks, so try the searches buy Viagra, buy Cialis, and buy Levitra. (C’mon, don’t be squeamish. That’s why they invented the incognito window.)

In the results, examine the second-level domains. That’s everything to the left of the TLD like .com or .net — basically the address to a website’s home page. You’ll see many of these obviously represent online pharmacies and aren’t pharma hacks. However, some might leave you raising an eyebrow.

Hackers can add links, posts, and even entire pages that take visitors away from legit sites and over to another site set up to receive directed traffic from websites infected with the pharma hack. They can also redirect existing links and navigation in order to funnel away traffic.

Please understand it’s never a good idea to visit websites you think are hacked. Unless you’re pretty familiar with website security, it’s better to err on the side of caution.

With that out of the way, let’s take a look at the results of a recent search using the terms described above.

Buy Viagra

[Screenshot: Viagra spam]

This website is, in fact, a radio station based in Fresno that broadcasts jazz and other types of easy listening. The web address in question appears to link to a programming segment, but (please don’t click this yourself) it’s actually Viagra spam redirecting to an online pharmacy.

Buy Cialis

[Screenshot: Cialis spam]

This site is a company offering technological products and services to scientific researchers. The web address suggests you’ll go to a page for downloads, but the page title promotes another online pharmacy.

Buy Levitra

[Screenshot: Levitra spam]

Here’s a Canadian organization for healthcare professionals in the field of cardiology. But, the web address reveals someone has created an entire page to capture searches related to buying the medication Levitra.
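The three infected results above share traits a site owner can check for on their own pages: drug names in a URL path, in a page title, or in links that point off-site. The following is an added example, not code from the original post or from Sucuri's tooling, that audits crawled pages for those traits; the keyword list, the hostnames and the sample HTML are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Drug names from the searches in the article; extend for your own audit.
PHARMA = re.compile(r"(?<![a-z])(viagra|cialis|levitra)(?![a-z])", re.I)

class PageScan(HTMLParser):
    """Collects the <title> text and each link's href plus anchor text."""
    def __init__(self):
        super().__init__()
        self.title, self.links = "", []
        self._in_title = self._in_link = False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a":
            self._in_link = True
            self.links.append([dict(attrs).get("href") or "", ""])

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
        elif tag == "a":
            self._in_link = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        elif self._in_link:
            self.links[-1][1] += data

def audit_page(url, html, own_host):
    """Return the spam indicators found on one page of your own site."""
    scan = PageScan()
    scan.feed(html)
    findings = []
    for label, value in (("URL path", urlparse(url).path), ("page title", scan.title)):
        if PHARMA.search(value):
            findings.append("keyword in " + label)
    for href, text in scan.links:
        host = urlparse(href).hostname
        if host and host != own_host and PHARMA.search(href + " " + text):
            findings.append("off-site pharma link: " + host)
    return findings

# Constructed sample: a page whose URL looks harmless but whose title does not.
SAMPLE = "<html><head><title>Buy Cialis Online</title></head><body></body></html>"
print(audit_page("https://lab.example/downloads", SAMPLE, "lab.example"))
```

Run it over every URL in your sitemap or crawl; a site that legitimately discusses these medications will need an allowlist for its own pages.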

How to fix the pharma hack on a website

It’s critical to immediately remove a pharma hack from an infected website. Consider this: How did you feel seeing the infected sites in our search? You probably didn’t feel confident. Eroded trust and reputation are a major impact of the pharma hack.

That’s not to mention search engines like Google will blacklist sites infected with a pharma hack, which can reduce organic traffic by a whopping 95%.

When it comes to fixing a pharma hack, people with an intermediate understanding of website anatomy could do it themselves with resources like this guide we offer free of charge. On the other hand, folks with less tech savvy or those with urgent needs should seek professional assistance, with little delay.

How to stop pharma hacks like Viagra spam

The best way to stop pharma hacks is by identifying and blocking them. Our team of threat researchers continually searches for evidence of bad actors and their scams. They use that evidence to create signatures for detecting the threats.

We’re always adding the latest threat signatures to our Web Application Firewall (WAF). Websites behind the WAF are protected by a kind of savvy street cop, a strong presence that understands the area and where threats lurk. Bad actors are turned away before they can even get started.

Keep in mind, it’s important to do your research and make sure you get the best possible website firewall. If you’re interested in making this investment with us, please consider starting with a free 30-day trial. If you have any questions, please feel free to give us a shout at your convenience.


*** This is a Security Bloggers Network syndicated blog from Sucuri Blog authored by Art Martori. Read the original post at: https://blog.sucuri.net/2020/02/pharma-hack.html