WRI CAIT Hacked? Google Returns “This site may be compromised”

August 2, 2012

The World Resources Institute, or WRI for short, has a sub-domain, namely cait, that is blacklisted by Google with the “This site may be compromised” tag. Details about this tag can be found on various sources.

Google Return For WRI CAIT

WRI CAIT Official Site

So, why exactly is Google warning us? Lets look at the urlQuery results. First thing we notice is a redirect to the main domain. Lets look at the header’s return:
First, we know that this is a 302 redirect to the target page of CAIT from the official site. Second, they use an outdated version of Apache. The latest stable release was version 2.4.2 released 2012-04-17. But what is the offending content that this site return? The suspicious element I found is below:

Which returns..

Notice the site name. Detected by two at urlVoid. If you check the history you notice that these are the same results from two months ago. There isn’t really anything on the site however, not even close to a site. Could be associated with phishing.

Outdated sites are more likely to get hacked,
~!Donovan

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Google account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

The Website Analysts' Resource (WAR)

What about it?