Quite a few machines in the Department of Computer Science at the University of Illinois are affected by malware-serving websites.
Security researcher Conrad Longmore has identified several cs.illinois.edu domains hosted on IP addresses involved in malicious campaigns.
The list of affected domains includes tarrazu.cs.uiuc.edu, croft.cs.illinois.edu, tsvi-pc.cs.uiuc.edu, mirco.cs.uiuc.edu, ytu-laptop.cs.uiuc.edu, and node3-3105.cs.uiuc.edu, but there might be others as well.
The IP addresses and the malicious domains hosted on them are linked to a malware spam run launched by a cybercriminal group dubbed “Amerika,” said Longmore. Amerika appears to be a Russian group that uses fake U.S. addresses for its WHOIS details.
The University of Illinois told Longmore that a single machine on its network had been compromised and that officials had cleaned up the device in question.
The Amerika gang is responsible for several spam campaigns, including ones that leverage the name and reputation of Amazon, PayPal, Walmart, ADP, LinkedIn and various other high-profile companies.