With the expansion of the attack surface, cybercriminals are coming up with different kinds of malware and attack techniques. ESET researchers have discovered one such trojan, which manipulates search engine results.

What’s up?

A previously undocumented server-side trojan—IISerpent—has been found leveraging a myriad of SEO techniques to enhance the page ranking for specific third-party websites. It is suspected that these websites belong to the gang’s customers. The threat has been dubbed IISerpent since:
  • It is executed as a malicious extension for Internet Information Services (IIS) web servers.
  • It uses dubious tactics to exploit Search Engine Results Pages (SERPs).

Why does it matter?

  • IISerpent is able to block all HTTP requests made to the websites hosted by the infected servers.
  • It leverages unethical SEO techniques without the webmaster's consent; hence, the attack pattern can be called SEO fraud as a service.

Other IIS web server threats

  • IIStealer is capable of accessing all network communication and pilfering the relevant information, such as card details from online transactions. 
  • The IISpy backdoor is capable of conducting long-term cyberespionage. It has been active since at least July 2020 and has affected IIS servers in the U.S., the Netherlands, and Canada.

The bottom line

The IISerpent module has been created to support malicious activities. While it doesn’t impact the legitimate visitors of the compromised server, it falsifies search results and can potentially be monetized. Keep your IIS servers updated and do not install IIS extensions from shady sources.
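
One way to act on this advice is to review which native modules an IIS server actually loads. The following is an added example, not code from ESET or the original article: it parses the globalModules section of a copy of applicationHost.config and reports entries that are missing from, or differ from, an administrator-approved baseline. The sample configuration, the baseline and the SeoHelperModule entry are constructed for illustration.

```python
import ntpath
import xml.etree.ElementTree as ET

# Constructed sample: the globalModules section of an applicationHost.config.
# "SeoHelperModule" and its DLL path are invented for illustration.
SAMPLE_CONFIG = r"""
<configuration>
  <system.webServer>
    <globalModules>
      <add name="HttpCacheModule" image="%windir%\System32\inetsrv\cachhttp.dll" />
      <add name="StaticFileModule" image="%windir%\System32\inetsrv\static.dll" />
      <add name="DefaultDocumentModule" image="C:\Windows\Temp\defdoc.dll" />
      <add name="SeoHelperModule" image="%windir%\System32\inetsrv\seohelper.dll" />
    </globalModules>
  </system.webServer>
</configuration>
"""

# Assumed baseline: module name -> image path the administrator has approved.
BASELINE = {
    "HttpCacheModule": r"%windir%\System32\inetsrv\cachhttp.dll",
    "StaticFileModule": r"%windir%\System32\inetsrv\static.dll",
    "DefaultDocumentModule": r"%windir%\System32\inetsrv\defdoc.dll",
}

def normalize(path, windir=r"C:\Windows"):
    """Expand %windir%/%SystemRoot% and fold case, as Windows compares paths."""
    lowered = path.lower()
    for var in ("%windir%", "%systemroot%"):
        lowered = lowered.replace(var, windir.lower())
    return ntpath.normpath(lowered)

def audit_global_modules(config_xml, baseline):
    """Return (name, image, reason) for every registered module needing review."""
    approved = {n.lower(): normalize(p) for n, p in baseline.items()}
    findings = []
    root = ET.fromstring(config_xml)
    for add in root.iterfind("./system.webServer/globalModules/add"):
        name, image = add.get("name", ""), add.get("image", "")
        expected = approved.get(name.lower())
        if expected is None:
            findings.append((name, image, "not in baseline"))
        elif normalize(image) != expected:
            findings.append((name, image, "image path differs from baseline"))
    return findings

if __name__ == "__main__":
    for finding in audit_global_modules(SAMPLE_CONFIG, BASELINE):
        print(finding)
```

A finding is a prompt for review rather than a verdict: the flagged DLL still needs its origin and digital signature checked before it is treated as malicious or approved.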

Cyware Publisher
