IISerpent Trojan Targets IIS Servers, Manipulates Search Engine Optimization

seo search engine optimization

Recently, cybersecurity experts have had to deal with a large number of malware focusing the Internet Information Services (IIS) component. The latest malware family to join the list is the IISerpent Trojan. This server-side Trojan works in a very peculiar manner, and its primary focus in Search Engine Optimization (SEO) fraud. The malware installs itself as an add-on for Microsoft IIS. It then proceeds to intercept HTTP requests and traffic, but there is a twist. Unlike other IIS malware that uses this opportunity to hijack credentials and private data, like the IISpy Backdoor, this one behaves differently. Instead of targeting regular HTTP traffic, it only gets to work if it detects request to specific search engines.

If you are not familiar with how search engines work, then here's a short explanation. They have automated crawlers, which constantly scout the Web for pages to be indexed or re-indexed. Pages on the same domain may link to one another. The crawlers use special algorithms to calculate the search engine ranking of said pages.

IISerpent Trojan Serves Black Hat SEO Purposes

Typically, Search Engine Optimization strategies take months of effort, but the IISerpent Trojan may speed up the process through some shady techniques. This type of unethical SEO is commonly referred to as black hat SEO. This is the exact strategy that the IISerpent Trojan uses. It redirects search engine traffic to a pre-defined set of websites in order to boost their traffic. Furthermore, it may try to compromise the websites found on the infected IIS server, and then plant hidden backlinks on it. When a website received backlinks from a reputable page, search engines assume it is popular, legitimate, and highly sought. This typically results in a boost to its search engine ranking. In short, the IISerpent Trojan seems to focus on promoting fraudulent websites through black hat SEO.

These attacks are incredibly difficult to spot, because everything seems normal for the webmaster and users – all the 'magic' happens in the background. Of course, a quick look at a backlink report or network traffic statistics would reveal that there is something out of the ordinary.

The worst part about IISerpent Trojan's attack is that the affected websites may lose their good SEO standing. This may happen because search engine crawlers will soon spot the connection between the legitimate page and fraudulent websites – this typically results in penalties in terms of SEO status.

Operators of IIS servers can stay safe from the IISerpent Trojan attack by applying the latest software updates. Furthermore, they should consider investing in firewall and security solutions compatible with IIS servers. Last but not least, they should avoid interacting with unknown IIS extensions, especially if they come from non-trustworthy sources.

August 12, 2021