
Google SEO Trick Leads Users to Online Scam, CryptMIC Ransomware

Discussion in 'General Malware And Security' started by starbuck, Aug 2, 2016.

    Researchers from Malwarebytes have discovered a campaign that abuses Google search featured snippets to show links to compromised websites that eventually redirect users to online scams or even exploit kits spreading ransomware.

    The campaign relies on crooks identifying websites that get listed in "featured snippets," a Google feature that shows answers to common user questions.

    Most of the time, these links lead to safe websites such as Wikipedia, but in some cases, they are also on personal blogs or news sites.

    Gaming SEO search results

    In an active campaign detected by Jerome Segura of Malwarebytes, crooks were redirecting users from a featured snippet for a Hungarian site to an online store where they were selling product keys for Microsoft Office.

    If the user felt something was wrong when they clicked on a domain and ended up on another, by accessing the Hungarian site, they would actually be redirected to a page hosting the Neutrino exploit kit, which in turn would infect them with the CryptMIC ransomware.

    The weird thing in this infection is that hackers even managed to trick Google's search engine into classifying the original website, a sports-related portal, as the best answer for an Office-related question, meaning Google has two problems instead of one.

    Gaming SEO results isn't something new by any means, but you'd expect this to happen with regular search results, not featured snippets.

    Searching for "promoted sites" to hack

    Additionally, crooks could also actively search for third-party websites listed in featured snippets that are running vulnerable CMSs.

    After hacking these websites, attackers could employ the same scenario as above, hijacking the site's traffic that comes via Google's featured snippet, which can be quite considerable.

    Crooks do not necessarily need to alter Google search rankings to insert malicious featured snippets, and could very easily go after sites already in this privileged position.

    Google featured snippet scam explained


    Source:
    http://news.softpedia.com/news/goog...-online-scam-cryptmic-ransomware-506891.shtml
     
