- Jan 24, 2011
- 9,378
Researchers from Malwarebytes have discovered a campaign that abuses Google search featured snippets to show links to compromised websites that eventually redirect users to online scams or even exploit kits spreading ransomware.
The campaign relies on crooks identifying websites that get listed in "featured snippets," a Google feature that shows answers to common user questions.
Most of the times, these links lead to safe websites such as Wikipedia, but in some cases, they are also on personal blogs or news sites.
Gaming SEO search results
In an active campaign detected by Jerome Segura of Malwarebytes, crooks were redirecting users from a featured snippet for a Hungarian site to an online store where they were selling product keys for Microsoft Office.
If the user felt something was wrong when they clicked on a domain and ended up on another, by accessing the Hungarian site, they would actually be redirected to a page hosting the Neutrino exploit kit, which in turn would infect them with the CryptMIC ransomware.
The weird thing in this infection is that hackers even managed to trick Google's search engine to classify the original website, a sports-related portal, as the best answer for an Office-related question, meaning Google has two problems instead of one.
Gaming SEO results isn't something new by any means, but you'd expect this to happen with regular search results, not featured snippets.
Read more: Google SEO Trick Leads Users to Online Scam, CryptMIC Ransomware
The campaign relies on crooks identifying websites that get listed in "featured snippets," a Google feature that shows answers to common user questions.
Most of the times, these links lead to safe websites such as Wikipedia, but in some cases, they are also on personal blogs or news sites.
Gaming SEO search results
In an active campaign detected by Jerome Segura of Malwarebytes, crooks were redirecting users from a featured snippet for a Hungarian site to an online store where they were selling product keys for Microsoft Office.
If the user felt something was wrong when they clicked on a domain and ended up on another, by accessing the Hungarian site, they would actually be redirected to a page hosting the Neutrino exploit kit, which in turn would infect them with the CryptMIC ransomware.
The weird thing in this infection is that hackers even managed to trick Google's search engine to classify the original website, a sports-related portal, as the best answer for an Office-related question, meaning Google has two problems instead of one.
Gaming SEO results isn't something new by any means, but you'd expect this to happen with regular search results, not featured snippets.
Read more: Google SEO Trick Leads Users to Online Scam, CryptMIC Ransomware
