Careful where you click!

The Heimdal Security team has observed a blackhat SEO campaign that is currently being delivered through compromised web pages and dozens of script injections. Attackers have poisoned Google search results so that users unknowingly land on malicious web pages simply by searching for information.

Some of the targeted keywords include Java JRE, MSN 7 and Windows 8, accounting for hundreds of thousands of searches each month. Here is an example of such a result, and you can see more below, in the provided screenshot:

http://mortalitymc[.]com/index.php?threads/sun-java-1-5-jre-download.119419/

Blackhat SEO Campaign Passes Around Malware to Unsuspecting Users (1)

Here is a sample of the compromised web pages, which have been injected with malicious code to spread malware to unsuspecting users’ machines (sanitized by Heimdal Security):

On these pages, the victim is lured through social engineering techniques to install a Java JRE package, which is, of course, corrupted with malware.

Blackhat SEO Campaign Passes Around Malware to Unsuspecting Users (3)

The same cyber criminals behind this attack are also currently deploying another attack: they are leading users to web pages with pornographic content that are contaminated with the Angler exploit kit, which force-feeds the machine malicious code.

Blackhat SEO Campaign Passes Around Malware to Unsuspecting Users (2)

What you can do to stay safe from such cyber threats:



Google has already been notified and the results will probably be eliminated from the results pages soon, but until then we recommend you:
