Heimdal Security discovered a malware campaign aimed at driving visitors to webpages that contain malicious code through blackhat SEO techniques.
According to a blog post on the security provider’s website, users are duped into downloading corrupted files when they search for popular software applications, including Java JRE, MSN 7, and Windows 8.
The infected webpages then spread malware to the users’ machines.
The attackers are also running a simultaneous campaign in which users are enticed to view pornography on sites that are contaminated with the Angler exploit kit. These sites then infect the users’ machines with malicious code.
In the blog post, Heimdal security manager Andra Zaharia said Google has been asked to remove the malicious webpages from search results.
Update: In speaking with SCMagazine.com, Heimdal Security CEO Morten Kjaersgaard said Google results have been affected more than results frotom other search engines because Google indexes new pages more quickly than its search competitors. Kjaersgaard expects hackers will begin using this method to infect specific pages on legitimate websites and use SEO to direct web visitors to the infected pages. He said, “This would be much more difficult for search engines to detect and fix.” Search engines would likely require manual intervention to deindex these pages, Kjaersgaard added. Google did not respond to requests for comment.
Heimdal: Malware campaign uses blackhat SEO to deliver malicious code