Searching for Keyword “Windows Android Drivers” leads to Malware website


Cybercriminals often use SEO poisoning techniques to lure unsuspecting internet users to their malicious websites. In one recent example, cybercriminals targeted Android users by poisoning Yahoo! search results.

Security researchers at GFI Labs have found that searching for "Windows Android Drivers" points to a malicious website [bestdrivers(dash)11(dot)ru].

Visiting the Russian site in question automatically downloads a file called "install.exe", a Trojan.

Once the file is executed, the malware changes the Internet Explorer home page to a malicious domain.

If victims visit the same Russian site from their Android devices, they are redirected to various malicious websites that contain the "android" keyword in the domain name. These sites direct users to fake Google Play sites.
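Both behaviours described above (a search-result click followed by an automatic "install.exe" download, and Android visitors being redirected to domains containing "android") leave a recognisable trail in web proxy logs. The following Python detection is an added example, not code from GFI Labs or the original post; the pipe-separated log format, the `.example` host names, and the 60-second window are constructed assumptions.

```python
from urllib.parse import urlsplit

SEARCH_HOSTS = ("search.yahoo.com", "www.bing.com", "www.google.com")
WINDOW = 60  # seconds allowed between the search click and the follow-up event (assumed)

# Constructed proxy log: epoch|client|status|url|referer|location|user-agent
SAMPLE_LOG = """\
1000|10.0.0.5|200|http://drivers.example/|http://search.yahoo.com/search?p=windows+android+drivers|-|Mozilla/5.0 (Windows NT 6.1)
1003|10.0.0.5|200|http://drivers.example/install.exe|http://drivers.example/|-|Mozilla/5.0 (Windows NT 6.1)
1100|10.0.0.9|302|http://drivers.example/|http://search.yahoo.com/search?p=windows+android+drivers|http://android-apps.example/play|Mozilla/5.0 (Linux; Android 4.0.4)
1200|10.0.0.7|200|http://vendor.example/driver.exe|http://vendor.example/downloads|-|Mozilla/5.0 (Windows NT 6.1)
"""

def host(url):
    """Lower-cased host name of a URL, or '' for placeholders such as '-'."""
    return (urlsplit(url).hostname or "").lower()

def detect(log_text):
    landed = {}  # (client, host) -> time the host was reached from a search result
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, status, url, referer, location, agent = line.split("|")
        ts, h = int(ts), host(url)
        if host(referer) in SEARCH_HOSTS:
            landed[(client, h)] = ts
        seen = landed.get((client, h))
        if seen is None or ts - seen > WINDOW:
            continue  # host was not reached from a search result recently
        # Desktop case: executable fetched from the host the search result led to.
        if urlsplit(url).path.lower().endswith(".exe"):
            alerts.append(("exe_after_search", client, url))
        # Android case: search landing page bounces the device to an "android" domain.
        target = host(location)
        if (status.startswith("30") and "android" in agent.lower()
                and "android" in target and target != h):
            alerts.append(("android_redirect", client, location))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The fourth sample line (an executable fetched from a site the client did not reach through a search result) is deliberately left unflagged.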

A few months back, I discovered that Google Image search results were being poisoned and directed me to an infected website.

Now Bing image search results lead to BHEK v2 - Blackhat SEO poisoning


I reported a few days ago that Google Image search results lead to a BlackHole Exploit Kit v2.0 page. Now, Bing Image search results also lead to malicious sites.

A quick image search in Bing for the keyword 'movie outline example' returns rogue images that lead to malicious websites. The attackers use blackhat SEO to poison the search results.

Blackhat SEO, also known as malicious SEO poisoning, occurs when hackers manipulate search engine results to make their links appear higher than legitimate results. As a user searches for related terms, the infected links appear near the top of the search results, generating a greater number of clicks to malicious websites.

According to a Sophos report, Bing search results are being poisoned more than those of other search engines (65%).

"Digging further into the data, it is also clear that the attackers are getting most success from poisoning image search results," the researcher said.

When I clicked one of the rogue images, I was redirected to a malicious site "zaka.uni.**" that hosts the latest version of the BlackHole Exploit Kit (v2.0).

'zaka', the same keyword, is used in the malicious domain used in the Google Image result attack. It seems like the same group is poisoning Bing search results also.