Cybercriminals are using Search Engine Optimization (SEO) to make their malicious links more prevalent in search results, allowing them to reach more victims with the Zeus Panda banking Trojan.
The Zeus Panda group used a set of hacked websites, inserting keywords in new pages or hiding the keywords inside existing pages.
The SEO-malvertising Zeus Panda distribution campaign was discovered by Cisco Talos, which also released a report with technical details about the distribution campaign.
According to Cisco Talos:
“The overall configuration and operation of the infrastructure used to distribute this malware was interesting as it did not rely on distribution methods that Talos regularly sees being used for the distribution of malware,”
The attackers are using compromised business websites that have earned ratings and reviews, which makes the results appear more legitimate to users (victims), as can be seen from the star ratings presented beside the results in the search engine result pages.
Victims who click these links in the results arrive on the compromised website, where malicious JavaScript code executes in the background and forwards the victim through a list of websites until they reach a website that offers a Microsoft Word document for download.
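
The delivery chain described above (search result, compromised site, several forwarding sites, Word document download) can be hunted for in web-proxy logs. The following Python is an added example, not code from Cisco Talos or from this article; the log fields, the placeholder host names and the three-host threshold are assumptions, and it assumes each forwarding hop sends a Referer header that the proxy records.

```python
from urllib.parse import urlparse

# Constructed proxy-log records: (client, url, referrer, content_type). All hosts are placeholders.
SAMPLE_LOG = [
    ("10.0.0.5", "https://search.example/results?q=bank+hours", "", "text/html"),
    ("10.0.0.5", "https://reviews-shop.example/page", "https://search.example/results?q=bank+hours", "text/html"),
    ("10.0.0.5", "https://hop1.example/r", "https://reviews-shop.example/page", "text/html"),
    ("10.0.0.5", "https://hop2.example/d/report.doc", "https://hop1.example/r", "application/msword"),
    ("10.0.0.9", "https://intranet.example/docs/policy.doc", "https://intranet.example/docs/", "application/msword"),
]

SEARCH_HOSTS = {"search.example"}  # assumption: replace with the search engines seen in your logs
WORD_TYPES = {
    "application/msword",
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
}

def host(url):
    return urlparse(url).hostname or ""

def referrer_chain(records, client, url, max_hops=10):
    """Walk referrers backward from url for one client; return URLs oldest first."""
    by_url = {(c, u): r for c, u, r, _ in records}
    chain = [url]
    while len(chain) <= max_hops:
        ref = by_url.get((client, chain[-1]), "")
        if not ref or ref in chain:  # stop at the chain's origin or on a loop
            break
        chain.append(ref)
    return chain[::-1]

def suspicious_downloads(records, min_hosts=3):
    """Flag Word downloads reached from a search result via >= min_hosts other hosts."""
    findings = []
    for client, url, _, ctype in records:
        if ctype not in WORD_TYPES:
            continue
        chain = referrer_chain(records, client, url)
        hosts = list(dict.fromkeys(host(u) for u in chain))  # de-duplicate, keep order
        if hosts[0] in SEARCH_HOSTS and len(hosts) - 1 >= min_hosts:
            findings.append((client, chain))
    return findings

if __name__ == "__main__":
    for client, chain in suspicious_downloads(SAMPLE_LOG):
        print(client, " -> ".join(chain))
```

The intranet download in the sample is not flagged because its referrer chain never touches a search engine; tune `min_hosts` against your own baseline before alerting on it.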