Security Alert: Blackhat SEO Campaign Spreads Malware to Unsuspecting Users
Why you need a layer of protection that can block malicious links if you click on them without knowing
Careful where you click!
The Heimdal Security team has observed a blackhat SEO campaign that is currently being delivered by using compromised web pages and dozens of script injections. Attackers have poisoned Google search engine results so that users would unknowingly land on malicious web pages by simply looking for information.
Some of the targeted keywords include Java JRE, MSN 7 and Windows 8, accounting for hundreds of thousands of searches each month. Here is an example of such a result, and you can see more below, in the provided screenshot:
http://mortalitymc [.]com/index.php?threads/sun-java-1-5-jre-download.119419/
Here is a sample of the compromised web pages, which have been injected with malicious code to spread malware to unsuspecting users’ machines (sanitized by Heimdal Security):
On these pages, the victim is lured through social engineering techniques to install a Java JRE package, which is, of course, corrupted with malware.
The same cyber criminals behind this attack are also currently deploying another attack: they are leading users to web pages with pornographic content that are contaminated with the Angler exploit kit, which force-feeds the machine with malicious code.
What you can do to stay safe from such cyber threats:
Google has already been notified and the results will probably be eliminated from the results pages soon, but until then we recommend you:
- follow the guidelines in The Ultimate Guide to Secure your Online Browsing
- install a reliable antivirus product
- use a solution that can protect you from second-generation malware
- never download software from unreliable sources and choose to download apps only from the official websites.