Numerous South African websites have been hacked, and are now serving hidden links to many international websites (see original post here: Mass ZA hack on outdated CMS websites).
Some of the compromised websites include local businesses like the Kyalami Kart Circuit, Infoware Studios, Apollo Auctions, Starbase Telecoms and the Timbavati Nature Reserve.
According to industry feedback the hackers targeted outdated content management systems (CMSs), including WordPress and Joomla.
The injected code contains links to over 30 international websites, but is hidden from visitors to the website. It is therefore aimed at search engines like Google and Bing to increase page rank.
The injected code typically appears just below the <body> tag, wrapped in its own <div> tag to hide it from the front end.
The infected source code, which can be viewed by pressing the “CTRL” and “u” keys simultaneously when viewing the website in your browser (IE, Chrome and Firefox), is shown below.
Check your websites
Website owners and webmasters are advised to urgently check the sites they manage to establish if they have been compromised.
This can be done by checking the website source code, and establish whether a list like the one above has been injected in the code.