SEO Poisoning, sometimes called "search poisoning"

Hackers have a new tool in their toolbox that you should be aware of, called SEO Poisoning or Search Poisoning. This form of attack relies on Black Hat SEO techniques to optimize web content.

Researchers from Menlo Security have spotted two separate campaigns, one linked to the SolarMarker backdoor and the other leveraging REvil ransomware, to infect unsuspecting netizens.

 

Here's how the attacks work

The hackers gain access to legitimate sites that rank well on Google and inject them with a variety of specific search terms.

Because the site is respected and ranks highly on its own, surfers who find their way onto the site are more likely to accept that anything on the site is legitimate. The hackers leverage this trust by adding poisoned content to the site. In search results, this poisoned content appears to be a PDF file that must be downloaded in order to view it.

When a user clicks on a download link, they seal their fate. Behind the scenes, they are redirected multiple times, ultimately winding up at a poisoned site controlled by the hackers, where a malicious payload is dropped onto the visitor's device.

Both of these campaigns have leveraged respected WordPress sites, taking advantage of an undisclosed flaw in a plugin called 'Formidable Forms.' The hackers install their malicious PDFs in the wp-content/uploads/formidable/ folder.

Most attackers who deploy ransomware demand exorbitant fees before you can regain access to your files. These two campaigns are notable for making much smaller demands, ranging between $1,500 and $7,500.

 

My perspective

If you have a WordPress site and you use the Formidable Forms plugin, download the latest version as soon as possible. The plugin's developers moved quickly to address the issue, and a fix is available. As long as you are running version 5.0.10 or later, you should be fine.
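
A site owner can check both points from this post with a short audit script: is the installed plugin at 5.0.10 or later, and are there PDFs sitting in wp-content/uploads/formidable/ that need a manual look. This is an added example, not code from Menlo Security or the plugin's developers; the plugin file path and the function names are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

FIXED_VERSION = (5, 0, 10)                     # first fixed release, per the post
UPLOAD_DIR = "wp-content/uploads/formidable"   # folder named in the post
# Assumption: the plugin's main file lives here and carries a standard
# WordPress "Version:" header line.
PLUGIN_FILE = "wp-content/plugins/formidable/formidable.php"

def parse_version(text):
    """Return the plugin header version as a tuple of ints, or None if absent."""
    m = re.search(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", text, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_patched(version):
    """True only when a version was found and it is 5.0.10 or later."""
    if version is None:
        return False                           # unknown is treated as not patched
    padded = version + (0,) * (3 - len(version))
    return padded >= FIXED_VERSION

def find_pdfs(wp_root):
    """List PDFs under the Formidable uploads folder, relative to wp_root."""
    base = Path(wp_root) / UPLOAD_DIR
    if not base.is_dir():
        return []
    return sorted(p.relative_to(wp_root).as_posix()
                  for p in base.rglob("*")
                  if p.is_file() and p.suffix.lower() == ".pdf")

def audit(wp_root):
    """Summarise the plugin version state and the PDFs that need manual review."""
    plugin = Path(wp_root) / PLUGIN_FILE
    version = parse_version(plugin.read_text(errors="replace")) if plugin.is_file() else None
    return {"version": version, "patched": is_patched(version), "pdfs": find_pdfs(wp_root)}

if __name__ == "__main__":
    # Usage: python audit.py /path/to/wordpress
    print(audit(sys.argv[1] if len(sys.argv) > 1 else "."))
```

A PDF in that folder is not proof of compromise, since forms can accept legitimate uploads; the list is a starting point for review against what the site's forms are expected to collect.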

 

As Walter said in Breaking Bad: "I am the danger"

 


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support


I am also a published author and speaker on cloud computing, work@home, and cybersecurity. I work extensively with business and professional associations to provide free small business technology education programs.

 
