A malicious campaign compromised the security of more than 15,000 Internet websites. wordpress, that were exposed to the so-called Black Hat SEO technique, used to attack competing pages or websites.
It is one of the conclusions that PublicWWW has reached and that Sucuri has collected, who, since September of this year, has tracked an increase in malware of this content management system, which redirected users to fraudulent web pages with the nomenclature ois.is.
This is part of a redirection campaign carried out by malicious agents using the ‘black hat’ technique, which refers to a set of actions aimed at is to improve the positioning of a web page.
Specifically, Black Hat SEO consists of applying automated rules, massively creating artificial links and alternative text in photographs to deceive the selected search engine or making comments on blogs to encourage participation in voting.
As detailed by Sucuri, the attackers would have redirected thousands of users to other false web pages encouraging them to participate in forums through a series of questions and answerswith the aim of generating an increase in the number of visitors.
By accomplishing their goal, these web pages would have ranked higher in the search engine used, multiplying their and other attackers’ opportunities to issue bogus questions.
According to this security company, its system detected this type of redirection on more than 2,500 websites during the months of September and October and, according to PublicWWW, 15,000 WordPress web pages in total they would have been exposed to this attack.
Sucuri also comments that most of the infected files connected with the .php extension and among them would be ./wp-signup.php, ./wp-cron.php, ./wp-links-opml.php, ./wp-settings.php, ./wp-comments-post.php, ./ wp-mail.php, ./xmlrpc.php, ./wp-activate.php, ./wp-trackback.php and ./wp-blog-header.php.
At the moment, the way in which the attackers execute the so-called Black Hat SEO is unknown, but from the cybersecurity company they point out that it is possible that they do it through a vulnerable plugin and that they use ‘exploit’ kits to discover any type of ‘software’ susceptible to being attacked.
