Arizona-Sonora Desert Museum Website Hacked

The Arizona-Sonora Desert Museum's website (desertmuseum.org) has been hacked and some of the pages from their "A Natural History of the Sonoran Desert" are intermittently serving up Blogger-powered spam pages. Here is an example of what their Funnel-web Spider page (http://www.desertmuseum.org/books/nhsd_funnelweb_spider.php) now looks like when clicked on from a Google search:

The script that the spam hacker is using takes the keywords from the referring site's search query. I used the following search query in Google to get the above result. Note the odd capitalization I used that is reflected in the post's green title.

http://www.google.com/search?q=ariZona+FuNnel-WEB+spiDers

This website's hacked pages all have the following characteristic text on them (note the misspelling of particularly):

"Particulary I like the first site but other sites are informative as well"

Search Google for this phrase in quotes, and you'll see the thousands of websites that have fallen prey to this hack.

The script that the hacker is using comes from http://58.22.101.120 and the php comes from http://67.18.150.90. The spam page has a meta refresh, so the normal Arizona-Sonora Desert Museum page will load after 300 seconds if you don't click on an ad or the back button. I have repeatedly notified the Arizona-Sonora Desert Museum about the serious problem with their website, but they have never bothered to respond and the problem still exists, so I am removing links to their "A Natural History of the Sonoran Desert" site.

Because hacked websites can be used to infect people's computers with malware, I would strongly advise you NOT to visit their website. I use Firefox and a Mac, but this sort of thing still worries me.

Update: This might be due to a hacked .htaccess file on the desertmuseum.org website, which redirects only search engine traffic to the hacked pages. Read about another similarly victimized website here and here.