The Viagra Code

The bright morning sun streamed through the open window of Robert Langston’s office at his toy manufacturing company. His great-grandfather had started the business from a pushcart, and Robert had proudly led the family business into the modern era with e-commerce and a worldwide customer base.

Robert sat at his desk, reading an email from an irate customer whose son had clicked on the website link for one of their best selling LEGO® sets. Instead of LEGO®, the customer’s nine-year old son was redirected to AnxiousBeavers.com, a website with content not terribly appropriate for a fourth grade boy. Within seconds of reading this customer’s tirade, Robert launched his corporate web page, located the LEGO® set and tentatively clicked on the “View More” link. The screen refreshed to display a cheerful “Welcome to AnxiousBeavers.com!” message, but unfortunately for Robert and his young customers, there were no small quadruped aquatic mammals anywhere in sight.

Robert’s face flushed with fury and embarrassment as he realized his website had been hacked. It’s still early, he thought to himself, I’ll nip this in the bud. He viewed the page’s source code to scan it for a malicious porn link. He found it swiftly, deleted the link, and assured himself that everything else seemed to be ok. Just to be safe, he changed his password to the website source files. Of all the days to run into trouble, today was not the day. They were offering a popular annual 50% off promotion that afternoon and couldn’t risk a hacked site diverting customers, or worse, undermining a reputation built from years of providing excellent customer service and quality products. Holidays were around the corner and his competitors were nipping at his heels. He couldn’t afford to blow this season nor infuriated customers’ rants plastered across over social media.

The rest of the morning went smoothly. Inventory came in, orders went out, and the fulfillment warehouse hummed with the energy of staff sorting picking orders and packing boxes. After lunch, Robert reclined at his desk for a moment’s break to check his email. He was confronted with eighty three new emails of customers complaining of porn links. Robert gasped and felt sick to his stomach. He clicked through his website pages and this time, almost every page had been hacked. There was no time to lose. He quickly replaced his home page with a message that read “Website under renovation – check back at 4:00 pm for our big 50% Off promotion”. He hoped this would buy him some time, and some good will.

Beads of sweat trickling down his brow, he once again opened up his website source code. and searched for the links to delete. He’d always had confidence in his ability to navigate basic HTML and CSS and take care of the website himself, for the most part. This saved him money and he’d never had a problem before. 

But this time, all of his efforts were misfiring. The links had propagated like a virus — now the infected website was spawning links like MaleEnhancement.com, HaveAnAffair.com, ChicagoFurrys.com and other rude, decidedly not-child friendly parasites. As soon as he fixed a page and saved it, the code reappeared as if generated by some hidden bot, injecting his wholesome and well-tended website with perversion.

It was time to call in the professionals.

Fortuitously, just the previous week, Robert recalled that had spoken with an online security company, Zelta Online Security. Now he searched frantically for their email in his inbox.

Desperately, he called them. “Yes, this looks like a sophisticated hack. We can remove it on a rush basis for $3,000, “ said Mr. Zelta. Robert invested quite a bit of advertising in the current promotion and time was of the essence in rescuing the sinking reputation of his business. Robert winced but paid them immediately as he felt he had no choice.

In less an hour, the hack was removed and the site was back online. He called Zelta back. “How did you fix it?” Robert asked.

“The hackers used an eval function to gain entry to the PHP framework,” said Zelta. “Don’t worry. It should be fine.” Robert thanked him, hung up the phone and went to help with the toy shipments, relieved to have dealt with the problem, but with an uneasy feeling in his stomach.

“I love cybercrime,” crowed Zelta to his office mates as he hung up the phone. He lit a cigarette and inhaled the smoke slowly. “Easiest three grand we’ve made this week”. He smiled as their black-hat developer inserted the porn generating code into another vulnerable e-commerce website.

Richard Parr
by Richard Parr
Posted: October 29, 2014