Security researchers have spotted an intriguing malware campaign designed to maximize the search engine rankings of spam sites under the control of threat actors.
Around 15,000 WordPress and other websites have been redirected to the spam Q&A sites, according to Sucuri. The hackers are using modified WordPress PHP files and, in some cases, their own PHP files to accomplish the redirects, with targeted sites containing 100 infected files each on average.
The destination spam sites, of which Sucuri has so far found 14, have their servers hidden behind a CloudFlare proxy.
“The sites appear to be using the same Q&A pattern and are built using the Question2Answer (Q2A) open source Q&A platform. According to their website, this platform is currently powering more than 24,500 sites in 40 languages,” the vendor explained.
“The attackers’ spam sites are populated with various random questions and answers found to be scraped from other Q&A sites. Many of them have cryptocurrency and financial themes.”
Though no malicious activity has been detected on these spam sites as yet, the actors behind this campaign could “arbitrarily add malware” to them or redirect visitors again to malicious third-party websites, Sucuri warned.
“It’s possible that these bad actors are simply trying to convince Google that real people from different IPs using different browsers are clicking on their search results. This technique artificially sends Google signals that those pages are performing well in search,” the vendor added.
“If this is the case, it is a pretty clever black hat SEO trick that we have rarely seen used in massive hack campaigns. However, its effect is questionable given that Google will be getting lots of ‘clicks’ on search results without any actual searches being performed.”
This theory is backed by the fact that the second-level domains of the Q&A sites “seem to belong” to the same people, it added.
The campaign is somewhat unusual in that only 13% of all SEO spam infections are classified as a malicious redirect, according to Sucuri.
Some parts of this article are sourced from:
www.infosecurity-magazine.com