Seemingly innocent searches can tempt you with malware-infested links.
Getting infected with malware is rarely a matter of clicking one errant file; it usually happens because attackers have built an entire ecosystem to fool you into making that click. This is the technique behind SEO poisoning, in which seemingly innocent searches can tempt you with malware-infested links.
The malware chain begins with an attacker generating large amounts of fake web content intended to "borrow" or piggyback on the reputation of a legitimate website. The fake pages host the link to the malware, and they are pushed higher in search engine results by pairs of attackers: one poses a question on a forum, and the other "answers" it with a link that leads to the malware.
This lets the attackers lure victims, who are more likely to see and trust higher-ranked search results. The staged conversations seed online forums with links that point to a ZIP archive containing the initial stage of the malware. Later stages collect your IP address and other user information and screen the endpoint to confirm that it is running Windows and meets the attackers' other targeting criteria.
Researchers attribute the malware to a group they track as TAC-011, which has operated for several years and has compromised hundreds of legitimate WordPress websites.
There are several proactive measures you can take against these attacks. First, pay attention to what you are looking at on the search results page. The poisoned link appears legitimate, but it usually doesn't survive closer inspection. For example, the transition documents cited above were hosted on a sports streaming website; that is how these results get their Google boost and show up higher in the rankings. A document that has nothing to do with the site serving it is a warning sign, and being aware of what you are about to click on is always good advice.
Second, any HR-related documents should be hosted on internal servers, and employees should be told clearly where those documents live and how to request them, so they have no reason to go looking for them on the open internet.
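The chain described above (search result, forum-style landing page, ZIP archive from a site that has nothing to do with the document) is also something a web proxy can spot. The script below is an added example written for this article, not code from the researchers or from the malware; it runs the heuristic over a few constructed proxy log lines. The log format, the list of search engines, the internal hosts where HR documents are expected to live (hr.example.com, intranet.example.com), the document keywords and the time window are all assumptions made for the example.

```python
"""Added example: flag the search -> landing page -> ZIP chain in web proxy logs.

Constructed log format, one request per line (an assumption for this example):
  <epoch> <client_ip> <url> "<referer>" <content_type>
"""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Assumptions for this example, not from the article: which hosts are search
# engines, where HR documents are allowed to live, and which query words look
# like someone hunting for a business document.
SEARCH_ENGINES = {"www.google.com", "www.bing.com", "duckduckgo.com"}
INTERNAL_DOC_HOSTS = {"hr.example.com", "intranet.example.com"}
DOC_TERMS = re.compile(r"\b(agreement|contract|template|policy|transition|form)\b", re.I)
WINDOW_SECONDS = 600  # a ZIP this long after a document search is still "the same visit"

LOG_RE = re.compile(
    r'^(?P<ts>\d+) (?P<client>\S+) (?P<url>\S+) "(?P<referer>[^"]*)" (?P<ctype>\S+)$'
)


@dataclass
class Request:
    ts: int
    client: str
    url: str
    referer: str
    content_type: str


def parse_line(line: str) -> Optional[Request]:
    """Parse one constructed log line; return None for lines that don't match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return Request(int(m["ts"]), m["client"], m["url"], m["referer"], m["ctype"])


def search_query(url: str) -> Optional[str]:
    """Return the search terms if url is a request to a known search engine."""
    p = urlparse(url)
    if p.hostname not in SEARCH_ENGINES:
        return None
    q = parse_qs(p.query).get("q")
    return q[0] if q else None


def is_zip_download(r: Request) -> bool:
    return r.content_type == "application/zip" or urlparse(r.url).path.lower().endswith(".zip")


def find_poisoned_chains(lines):
    """One alert per ZIP that a client pulls from a host outside the internal
    document servers shortly after searching for a document."""
    last_search = {}  # client -> (timestamp, query) of the most recent search
    alerts = []
    for line in lines:
        r = parse_line(line)
        if r is None:
            continue
        q = search_query(r.url)
        if q is not None:
            last_search[r.client] = (r.ts, q)
            continue
        if not is_zip_download(r):
            continue
        host = urlparse(r.url).hostname or ""
        if host in INTERNAL_DOC_HOSTS:
            continue  # archive came from where HR documents are supposed to live
        if r.client not in last_search:
            continue
        ts, query = last_search[r.client]
        if r.ts - ts > WINDOW_SECONDS or not DOC_TERMS.search(query):
            continue
        alerts.append({
            "client": r.client,
            "query": query,
            "archive_host": host,
            "archive": r.url,
            "seconds_after_search": r.ts - ts,
        })
    return alerts


# Constructed sample log: one poisoned chain (10.0.0.5), one legitimate internal
# download (10.0.0.7), and one unrelated ZIP download (10.0.0.9).
SAMPLE_LOG = """\
1700000000 10.0.0.5 https://www.google.com/search?q=employee+transition+agreement+template "" text/html
1700000004 10.0.0.5 https://sportstream.example/forum/?topic=transition-agreement-template "https://www.google.com/" text/html
1700000012 10.0.0.5 https://sportstream.example/wp-content/uploads/transition_agreement_template.zip "https://sportstream.example/forum/?topic=transition-agreement-template" application/zip
1700000020 10.0.0.7 https://www.google.com/search?q=transition+agreement+form "" text/html
1700000025 10.0.0.7 https://hr.example.com/forms/transition_agreement_form.zip "https://www.google.com/" application/zip
1700000030 10.0.0.9 https://www.google.com/search?q=free+zip+utility "" text/html
1700000035 10.0.0.9 https://downloads.example.org/zip-utility.zip "https://www.google.com/" application/zip
""".splitlines()


if __name__ == "__main__":
    for alert in find_poisoned_chains(SAMPLE_LOG):
        print(alert)
```

Run against the sample, only the sports-streaming chain is reported: the internal HR download is exempted by host, and the utility download fails the document-keyword test. In a real deployment the search terms would usually have to come from the proxy's own view of the search request (as here) rather than from the Referer header, which search engines strip.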