Hackers are conducting a massive black hat search engine optimization (SEO) campaign by compromising almost 15,000 websites to redirect visitors to fake Q&A discussion forums.
The attacks were first spotted by Sucuri, who says that each compromised site contains approximately 20,000 files used as part of the search engine spam campaign, with most of the sites being WordPress.
The researchers believe the threat actors' goal is to generate enough indexed pages to increase the fake Q&A sites' authority and thus rank better in search engines.
The campaign likely primes these sites for future use as malware droppers or phishing sites, as even a short-term operation on the first page of Google Search, would result in many infections.
An alternative scenario, based on the existence of an 'ads.txt' file on the landing sites, is that their owners want to drive more traffic to conduct ad fraud.
Targeting WordPress sites
Sucuri reports that the hackers are modifying WordPress PHP files, such as 'wp-singup.php', 'wp-cron.php', 'wp-settings.php', 'wp-mail.php', and 'wp-blog-header.php', to inject the redirects to the fakes Q&A discussion forums.
In some cases, the attackers drop their own PHP files on the targeted site, using random or pseudo-legitimate file names like 'wp-logln.php'.
The infected or injected files contain malicious code that checks if the website visitors are logged in to WordPress, and if they're not, redirects them to the...
Read Full Story: https://news.google.com/__i/rss/rd/articles/CBMibWh0dHBzOi8vd3d3LmJsZWVwaW5nY29tcHV0ZXIuY29tL25ld3Mvc2VjdXJpdHkvMTUtMDAwLXNpdGVzLWhhY2tlZC1mb3ItbWFzc2l2ZS1nb29nbGUtc2VvLXBvaXNvbmluZy1jYW1wYWlnbi_SAXFodHRwczovL3d3dy5ibGVlcGluZ2NvbXB1dGVyLmNvbS9uZXdzL3NlY3VyaXR5LzE1LTAwMC1zaXRlcy1oYWNrZWQtZm9yLW1hc3NpdmUtZ29vZ2xlLXNlby1wb2lzb25pbmctY2FtcGFpZ24vYW1wLw?oc=5
Your content is great. However, if any of the content contained herein violates any rights of yours, including those of copyright, please contact us immediately by e-mail at media[@]kissrpr.com.