Millions duped in poisoned Google Image attack

Trend Micro finds a well-crafted poisoned SEO campaign has seen millions of users visit malicious pages.

A poisoned search engine optimisation (SEO) campaign has duped over 100 million web users into visiting malicious web pages, a security firm has warned.

The campaign, run by a well-known blackhat SEO operator, has used Google image search to redirect users to fake anti-virus downloads in a bid to compromise users' systems.

"In just one month, this campaign was able to redirect nearly 300 million hits from 113 million visitors to the malicious landing pages," Trend Micro explained in a blog post.

"In addition to generating pages full of bad links and keywords to boost search engine results ranking, the operator also embedded images taken from legitimate sites so its pages can get a high Google Image Search index."

To date, Trend Micro said it had identified 4,586 compromised servers connecting to the blackhat SEO command server.

Using these servers, the hackers have implanted two kinds of pages inside various websites, one being a standard fake anti-virus scanning page, the other a Traffic Direction System (TDS) page.

"TDS pages are used as landing pages to direct traffic to malicious content based on a variety of criteria such as OS, browser version, and geographic location," the security firm explained.

"This particular campaign uses the well-known SUTRA TDS to redirect users to [fake anti-virus] landing pages or to pages that host the Black Hole Exploit pack."

In the past 30 days, that TDS redirected 220,175,652 hits from 82,568,468 visitors.

This campaign targeted Mac users in particular by using landing pages designed to imitate the appearance of the Mac OS.

"This campaign again demonstrates how effective blackhat SEO techniques are in driving traffic to malicious websites," Trend Micro added.

"Despite low conversion rates in terms of exploitation and [fake anti-virus] downloads or purchases, this operation is still likely generating a considerable amount of money for its operators."
