12:09 am (UTC-7) | by Ryan Flores (Senior Threat Researcher)
The U.S. midterm elections may have come and gone but cybercriminals have yet to cease related attacks on users eager for news on the turnout. As the Republicans take center stage, so do blackhat search engine optimization (SEO)-poisoned results.
Case in point, searching for updates on the U.S. midterm election results led to a poisoned link. This, of course, then led to the all-too-common FAKEAV warning prompt and fake scanning page.
What was interesting about this attack, however, is the fact that in addition to relying on keyword density and backlinks to increase a malicious page’s ranking, the cybercriminals also counted on related images to lead unwitting users into their trap. This was most probably done to trick search engines into increasing the doorway page’s ranking.
Elections and other noteworthy sociopolitical events have been known to be typical malware propagation vectors as seen in these posts:
- U.S. Elections Spam: This Just In?
- U.S. Elections Notable Threats
- Post-Election Spam Leads to Fake Pharma
Even scarier, however, is the fact that cybercriminals will stop at nothing to infect users’ systems. This attack just goes to show that they are getting better at what they do, keeping up with what vendors and service providers (i.e., search engines) are doing to mitigate threats. With the holidays in tow and craftier tricks up cybecriminals’ sleeves, we are urging users to stay vigilant and cautious in their online dealings. As in years past, it should not come as a big surprise should poisoned links crop up every time you search for great gifts and travel destinations, so beware.
Find out how blackhat SEO poisoning became one of cybercriminals’ favorite malware proliferation tools in the new Trend Micro research paper, “How SEO Became Big.”
Share this article