Hackers Exploit Websites To Give Them Excellent SEO Before Deploying Malware (zdnet.com)
schwit1 shares a report from ZDNet: Cyberattackers have turned to search engine optimization (SEO) techniques to deploy malware payloads to as many victims as possible. According to Sophos, the so-called search engine "deoptimization" method includes both SEO tricks and the abuse of human psychology to push websites that have been compromised up Google's rankings. SEO optimization is used by webmasters to legitimately increase their website's exposure on search engines such as Google or Bing. However, Sophos says that threat actors are now tampering with the content management systems (CMS) of websites to serve financial malware, exploit tools, and ransomware.
In a blog post on Monday, the cybersecurity team said the technique, dubbed "Gootloader," involves deployment of the infection framework for the Gootkit Remote Access Trojan (RAT) which also delivers a variety of other malware payloads. The use of SEO as a technique to deploy Gootkit RAT is not a small operation. The researchers estimate that a network of servers -- 400, if not more -- must be maintained at any given time for success. While it isn't known if a particular exploit is used to compromise these domains in the first place, the researchers say that CMSs running the backend of websites could have been hijacked via malware, stolen credentials, or brute-force attacks.
Legitimate exposure it ain't (Score:5, Informative)
SEO optimization is used by webmasters to legitimately increase their website's exposure
SEO is used to artificially boost a website's exposure. Legitimate exposure would be the site ranking up by virtue of its content, quality or attractiveness alone.
Re: (Score:2)
Not actually... (Score:2)
"... SEO optimization is used by webmasters to legitimately increase their website's exposure on search engines such as Google or Bing. "
I'd say rather, it's used by legitimate webmasters to raise their site rankings, because it's still "gaming" the algorithms.
Hint: if search engine authors are constantly trying to block what you're doing, you can't really call the technique legitimate.
Couldn't they make more money with just SEO? (Score:3)
Re: (Score:2)
Re: (Score:2)
Very few people who don't "have SEO" want to pay for it. Surely you must have received emails saying "Hey - I just visited your great website, but I noticed it wasn't in the first page of Google for common searches"? I get them all the bloody time, and no, I haven't ever taken them up on the offer for an 'assessment'.
The people sending me spam emails, and these malware people don't make your site better - they add content to pages that make it turn up in more common search queries. Let's say your site is al
Yet another reason (Score:2)
To aggressively remove spam and spammers from forums and comments.
Hey, wait! I didn't mean ME!
Sophos have got the wrong end of the stick (Score:2)
If the stuff that non-malware-distributors do is SEO, so is the stuff that malware distributors do. In both cases it's optimising their (or their client's) site for search engines and deoptimising the search engines for people who want to find useful content.
Just like real viruses (Score:2)