One of the HEC subdomains – apps.hec.gov.pk – appears to have be compromised for the last few weeks. Google reports it as an “Attack site” and shows this warning:
The sub-domain contains a few hundred pages with important information (the one below is supposed to have a list of all HEC-approved universities), and so, the website should ideally be available to the world minus any malware or spyware.
An example infected URL: http://app.hec.gov.pk/universityfinal2/RegionUniversity.aspxÂ (please make sure your browser is appropriately protected before copy/pasting)
If you click the “Why was this site blocked?”, Google tells you that
Of the 476 pages we tested on the site over the past 90 days, 124 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2008-10-27, and the last time suspicious content was found on this site was on 2008-10-27. Malicious software is hosted on 6 domain(s), including 81dns.ru, mnbenio.ru, berjke.ru. 2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including 81dns.ru, mnbenio.ru.
Emailing HEC about it has not worked so far. Even if it is a false-positive, somebody in HEC should wake up and fix their servers – they can even ask an HEC scholar in the network security field who gets their funding.
(This page appeared during a Google search to help out a researcher friend who wanted a list of our universities)