SEO poisoning activities use US midterm election keywords to attack more than 10,000 websites

Oct 23, 2018Elley
Learn more about 360 Total Security

Recently, researchers discovered a search engine spam activity in the US midterm elections. Once the affected users are induced to click on the URL, they will be redirected to various scam websites, porn websites and non-essential software sales websites.

Search engine spam (aka search engine poisoning, black-hat SEO or search spam) is when an attacker creates a malicious website or cracks a legitimate website to generate a web page that promotes certain keywords. These pages are then linked together by a large number of sites controlled by the attacker to achieve a higher ranking in the search results. Those that are placed in front of the user after clicking on are scams or sales advertisements, and others use the vulnerability toolkit to infect user devices.

In a October 17 report, the researcher explained how attackers attacked more than 10,000 websites to promote 15,000 different keywords. BleepingComputer’s research shows that the vast majority of websites involved in this poisoning campaign are running Worpdress. It is not clear which vulnerabilities are being used to compromise these sites.

As the mid-term elections were underway during the same period, attackers used relevant political keywords to attract users to the site.

SEO poisoning activities use US midterm election keywords to attack more than 10,000 websites

According to the experts, these pages will display different content based on the user characteristics of the visited page. When the search engine crawler accesses the page, the content of the page search results will be modified, and the normal user will reach a malicious website through a series of redirects.

SEO poisoning activities use US midterm election keywords to attack more than 10,000 websites

In addition, SEO poisoning activities also use ransomware keywords. Some researchers have found SEO poisoning activities after they have appeared on the website that provides free software decryptors for ransomware. After keyword search, they can see the search results of two poisoning activities in Google search results (including ” Gandcrab ransomware version 2″ phrase). The results after the click are consistent with the other activities mentioned above.

SEO poisoning activities use US midterm election keywords to attack more than 10,000 websites

The target keywords for this event were found to include:

Learn more about 360 Total Security