A few days ago, he commented that some Uruguayan government sites were being used by spammers to promote cheap viagra, among other things. Today I was doing some similar searches but with Argentine government sites.
The search is very simple: viagra site:gov.ar or viagra site:gob.ar
For 3 years now, Argentina has used the gob.ar domain for government entities, although several still keep the old gov.ar, and in some cases the sites load under both. Either way, both searches turn up infected sites.
These are some examples:
On the following page, accessing it directly triggers a redirection to a fake online pharmacy; this is done through a script. With the script blocked, the content that can be seen is the following:
The script that is loaded:
And the landing page:
In some cases they even managed to create subdomains to promote fraudulent products:
In this other example, when you access the page everything seems to be OK, but it is actually full of hidden links. They can be seen in the source code:
In some cases, the Google preview directly displays spam content:
But it is not all pharmaceuticals; cheap software is also promoted by linking to fake portals:
And spam comments (follow) are never missing:
These are just a few examples; there are many more!
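For site owners who want to check their own pages for the hidden links and spam comments shown above, here is an added example (not code from the original post) that parses a page's HTML and reports external links that are hidden by inline styles or carry spam terms. The style patterns, the keyword list, the host name city.example and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed, non-exhaustive patterns: inline styles that hide content, and spam terms.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])"
                          r"|(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)
SPAM_WORDS = re.compile(r"viagra|cialis|pharmacy|cheap\s+software", re.I)
VOID = {"br", "img", "hr", "input", "meta", "link", "area", "base", "col", "embed", "source", "wbr"}

class HiddenLinkFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.stack = []      # (tag, hidden) for every open element
        self.current = None  # link being collected while inside <a>
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag not in VOID:
            self.stack.append((tag, bool(HIDDEN_STYLE.search(attrs.get("style") or ""))))
        if tag == "a" and attrs.get("href"):
            host = urlparse(attrs["href"]).hostname or self.site_host  # relative = own site
            internal = host == self.site_host or host.endswith("." + self.site_host)
            self.current = {"href": attrs["href"], "text": "", "external": not internal,
                            "hidden": any(h for _, h in self.stack)}  # self or any ancestor

    def handle_data(self, data):
        if self.current:
            self.current["text"] += data

    def handle_endtag(self, tag):
        if any(t == tag for t, _ in self.stack):  # ignore stray closing tags
            while self.stack.pop()[0] != tag:
                pass
        if tag == "a" and self.current:
            link, self.current = self.current, None
            link["spam"] = bool(SPAM_WORDS.search(link["text"] + " " + link["href"]))
            if link["external"] and (link["hidden"] or link["spam"]):
                self.findings.append(link)

def find_suspicious_links(html, site_host):
    finder = HiddenLinkFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page: two legitimate links, two hidden links, one spam comment.
SAMPLE = """<body><p>See <a href="/tramites">procedures</a><br>
<a href="https://partner.example/">Partner agency</a></p>
<div style="position:absolute; left:-9999px"><a href="http://pills.example/buy">cheap viagra</a>
<a href="http://soft.example/oem">discount software</a></div>
<p>Comment: <a href="http://shop.example/x">Cialis pharmacy</a></p></body>"""
```

Links hidden through external stylesheets or injected by scripts at load time are not visible to this static check, so it complements rather than replaces reviewing the rendered page and the site's own search results.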
Update: @Xyborg tells me on Twitter that a report on the subject was published on Segu-Info.com.ar. The date is February 2011.
Full report: Viagra.gob.ar: a matter of national security