Is Your Website Sending Spam?

I just saw an updated story on how a number of Higher Ed and government sites have been hijacked by spammers. The sites are used to redirect people to fake online stores.

Are you on the list?

According to the original post at Zscaler there seem to be about a hundred schools that have been compromised including (according to them):

• UC Berekely
• Harvard
• Purdue
• Oklahoma State, and
  
• Australian government

The fake stores claim to sell discounted Microsoft and Apple software. Heaven only knows what they are really doing, but the point is that you don't want your institution being part of it.

And the QSA in me has to wonder if parts of the institution's website has been compromised, what about the rest of the site? For example, are you sure your campus merchants who re-direct customers to third-party hosted order pages are really sending them there and not to badguys.com?