According to Amon Sanniez, the SEO poisoning appears to be compromised by a number of medical spam-related URLs, most of which are compromised sites themselves.
"As you can see from the screenshots, unless you were to view the source code for the web page, it is almost impossible to know that this page has been modified", he says in his latest security blog.
The sub-domain under attack, he asserts, is the Sustainable Energy Finance Initiative (SEFI) site – sefi.unep.org.
SEFI, Sanniez notes, is a division of UNEP and provides support and tools to financiers in regards to the use of clean energy technologies.
"Like most black hat SEO attacks on compromised sites, the site tends to look perfectly fine, and there is no indication that the site has been compromised", he said.
Further analysis of the source code, he goes on to say, reveals that the entire block for the Black Hat SEO is appended to the end of the HTML code.
Users should also notice, he says, that the code contains a hidden disposition, and the height and width pertaining to the size of the displayed content is set to zero.
Researching through the appended code, adds the Websense researcher, allows users to see branded drug names such as 'Viagra' and 'Levitra' - the use of these keywords, he adds, help result in a better search engine ranking.
"Most of the mainstream search engines such as Google know of these tricks and do their best to prevent these attacks, but it does not always work. However, the prevention success rate is higher for well-known search engines compared to the less mainstream ones", he said.
"At the time of posting this blog, the Black Hat SEO threat has been removed and the sefi.unep.org web site is [now] safe for browsing", he added.