There are reports of a compromise leveraging one of approximately twenty exploits that adds a unique module to Apache web servers that will, under the right circumstances, return spam links. Apparently a number of university sites have been affected.
See related media article at the following URL:
- following a link as a result of a Google search that appears to be to a legitimate university site does in fact take you to the university site.
- a server script at this point (in no specific location on the server) sends the user an HTTP 302 redirect to an Online pharmacy page, or a cascade of sites leading to an Online pharmacy page.
It is recommended site owners test this using a Google search and their own domain. If you see results similar to what is described in the article, please review your web server for indications of exploitation.