It has been a while since we pushed out "A .Gov Media Player? Not Exactly…", a blog post about arcadia-fl[dot]gov at the time of its compromise and serving a binary file, and "Philippine Government Site Infected with Spam Code", which is about da[dot]got[dot]ph pages that is found to contain hidden Blackhat SEO spam links. Recently, we've noticed a number of .gov URLs that were broken into to host different pages.
Our first domain, one from Taiwan, has served a "Hacked by..." page which we normally see hackers put up to show that they've "owned" it.
We also found that a lot of pages hosted on this domain have spammy content revolving around Viagra, gambling, and student loans, among other else. For the complete list of spammy pages, here's the scan result page from Unmasked Parasites.
With the number of .gov sites we have seen that are insecure, it pays for users to be careful of potential risks they may encounter when visiting them. As they remain vigilant with this, so, too, should admins with hardening site security and keeping pages free from spammy, phishy, and malicious content.