Digital Constitution, the Microsoft web site which protects
online privacy in a digital world, was hacked to promote online casinos.
According to ZDNet, which first reported about the hacking,
the Digital Constitution was running an older version of WordPress when the
spammy links were discovered.
Though the links were removed from the front page in the
hours following the ZDNet report, a variety of other pages continued link to
the gambling sites.
The news reports says that it is unknown how long ago the
site was hacked to promote online gambling, whether other Microsoft websites
were hacked or not. It is still not clear who was behind the attack.
Ars Technica noted that it was not unusual for
hack-by-numbers exploit kits to automatically inject malicious links into
vulnerable pages that when viewed by vulnerable computers, perform drive by
download attacks.
However, when the company was asked, the Microsoft answered
not more than "it's fixed."
According to the news report, the attacker had injected text
with keywords like "online casino," "poker, "craps,"
"roulette," and "blackjack." New pages were added to inject
to show content that embeds content from other casino-related websites.