Malware Redirects 15,000 Sites in Malicious SEO Campaign

Security researchers have spotted an intriguing malware campaign designed to increase the search motor rankings of spam web-sites below the management of threat actors.

Over 15,000 WordPress and other web sites have been redirected to the spam Q&A web sites, according to Sucuri. The hackers are employing modified WordPress PHP data files and, in some situations, their own PHP information to reach the redirects, with focused internet sites on ordinary that contains 100 contaminated data files every.

The location spam web sites, of which Sucuri has so considerably located 14, have their servers hidden guiding a CloudFlare proxy.

✔ Approved From Our Partners

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code

“The websites appear to be to be using the identical Q&A pattern and are crafted using the Issue2Solution (Q2A) open source Q&A platform. According to their website, this platform is currently powering over 24,500 internet sites in 40 languages,” the seller described.

“The attackers’ spam web pages are populated with a variety of random issues and responses identified to be scraped from other Q&A internet sites. Numerous of them have cryptocurrency and economic themes.”

Despite the fact that no destructive exercise has been detected on these spam sites as but, the actors at the rear of this campaign could “arbitrarily include malware” to them or redirect website visitors yet again to malicious 3rd-party sites, Sucuri warned.

“It’s attainable that these poor actors are simply attempting to persuade Google that actual men and women from distinctive IPs applying distinctive browsers are clicking on their search outcomes. This technique artificially sends Google signals that all those pages are carrying out perfectly in research,” the seller extra.

“If this is the case, it’s a fairly clever black hat Web optimization trick that we have almost never seen made use of in enormous hack strategies. However, its impact is questionable presented that Google will be getting heaps of ‘clicks’ on look for outcomes without any actual searches currently being carried out.”

This idea is backed by the actuality that the second degree domains of the Q&A web sites “seem to belong” to the same folks, it additional.

The marketing campaign is relatively strange in that only 13% of all Web optimization spam infections are categorized as a destructive redirect, in accordance to Sucuri.