Brigham Young University CDN Being Abused by Web Spammers

Over the last few days, we have been looking at what web spammers have been abusing to place spam files on various websites. Some of that has involved websites belonging to major universities, including Duke and Harvard. That isn’t all that surprising, as universities can have a lot of websites, and those can stay up despite no longer being actively used. More surprising, we found that a CDN belonging to Brigham Young University is also being used, and that appears to have gone unnoticed. Here is an example of spam files from that CDN that have been included in Google search results:

So Google also seems to have a problem with catching web spam.

Also, it is worth noting here that Google is willing to display a claim that something has 7,447,548 votes:

That claim comes from data in the file:

<script type="application/ld+json">
{
  "@context": "https://schema.org",
  "@type": "SoftwareApplication",
  "name": "VBUCKS",
  "operatingSystem": "ANDROID",
  "applicationCategory": "GameApplication",
  "aggregateRating": {
    "@type": "AggregateRating",
    "ratingValue": "4.8",
    "ratingCount": "7447548"
  },
  "offers": {
    "@type": "Offer",
    "price": "9999.00",
    "priceCurrency": "USD"
  }
}
</script>

It’s unclear how the spammers are getting the files onto that CDN. It looks like you need a login to access the university’s Brightspot CMS, which would seem to be connected to the CDN. Possibly, a compromised login could be used here. However, based on other parts of the campaign, it also seems possible that some upload functionality on websites is being abused to do this.
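For a site owner checking whether files like this have landed in an upload directory or on a CDN, one option is to look for the rating markup quoted above. The following Python is an added example, not code from the original post; the `RATED_TYPES` set and the class and function names are assumptions made for illustration, and `SAMPLE` is the post's markup trimmed to the fields the check reads.

```python
import json
from html.parser import HTMLParser

# Assumption (not from the post): schema.org types worth flagging when rated.
RATED_TYPES = {"SoftwareApplication", "Product"}

class JsonLdExtractor(HTMLParser):
    """Collect the body of every <script type="application/ld+json"> element."""
    def __init__(self):
        super().__init__()
        self.blocks, self._buf = [], None
    def handle_starttag(self, tag, attrs):
        kind = (dict(attrs).get("type") or "").strip().lower()
        if tag == "script" and kind == "application/ld+json":
            self._buf = []  # start buffering; data may arrive in chunks
    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.blocks.append("".join(self._buf))
            self._buf = None

def rating_claims(html):
    """Return (type, name, ratingValue, ratingCount) for each rating claim found."""
    parser = JsonLdExtractor()
    parser.feed(html)
    parser.close()
    found = []
    for raw in parser.blocks:
        try:
            doc = json.loads(raw)
        except json.JSONDecodeError:
            continue  # unparseable JSON-LD block, skip it
        items = doc if isinstance(doc, list) else [doc]
        for item in filter(lambda d: isinstance(d, dict), items):
            kinds = item.get("@type")
            kinds = kinds if isinstance(kinds, list) else [kinds]
            hit = sorted(RATED_TYPES.intersection(k for k in kinds if isinstance(k, str)))
            rating = item.get("aggregateRating")
            if hit and isinstance(rating, dict):
                found.append((hit[0], item.get("name"),
                              rating.get("ratingValue"), rating.get("ratingCount")))
    return found

# The markup quoted in the post, trimmed to the fields the check reads.
SAMPLE = """<script type="application/ld+json">
{"@type": "SoftwareApplication", "name": "VBUCKS", "aggregateRating":
 {"@type": "AggregateRating", "ratingValue": "4.8", "ratingCount": "7447548"}}
</script>"""
```

Running `rating_claims` over each HTML file in a directory that should hold no such pages gives a short list of files to review by hand.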

We have alerted Brigham Young University about what is going on.
