The hacker group that distributes the Zeus Panda banking Trojan uses search engine optimization techniques to "poison" Google's search results and ensure the appearance of their malicious sites at the top of the search results.

SEO on the service of the forces of evil.

Attackers who are behind the advent of the banking Trojan Panda Zeus, adopted a very unusual way to spread their malware - search engine optimization (SEO). The case can be considered unique; so far, no such security experts have observed. Detailed technical description of the Panda Zeus campaign prepared by Talos specialists.

Search engine optimization is a set of measures to change the content of a site to raise its positions in the results of issuing search engines for specific user requests. The ultimate goal of these activities is to increase network traffic and attract new users.

In this case, carefully selected keywords and phrases are integrated into old and new malicious sites, thereby exploiting the features of the Google search engine and outputting malicious resources to the top positions in the search results for specific queries.

Weak point scheme.

Users who have had the unwillingness to go on malicious links will be redirected through a whole series of different sites to one specific one where the victim will be offered to download a Word file with malicious stuffing.

To activate it, you need to enable macros in Microsoft Office.

By default, they are disabled and only through the social engineering of users can this be done.

"In general, attacks on end-users are becoming more complicated and cunning, as the technologies become more complex," said Oleg Galushkin, security expert at SEC Consult Services. - On the other hand, some methods remain unchanged: for all the ingenuity of this scheme, the "traditional" use of macros is its weakest point. Although it can not be denied that this method remains very effective ".