Malware authors are always looking for new and inventive ways to spread malware, and their new techniques keep catching victims by surprise. Groups of cyber-attackers are now spreading a new variant of the Zeus Panda banking Trojan with an entirely different distribution technique. They are using Black-Hat SEO instead of old-school distribution techniques such as malvertising and spam campaigns. These cybercriminals rely on a network of hacked websites on which they place selected keywords in new pages. Sometimes they even hide a particular keyword in an existing page. This is very effective because the spam or hacked websites then appear at the top of the results page. For example, if anybody searches for a bank's opening hours on a particular day, they will see spam and hacked websites among the top results. If you click on these links, the browser is redirected to hacked websites. This is very dangerous because malicious Java code is executed in the background.
Combination of Malvertising and SEO Spam (A New Cyber Threat)
URL redirection is actively used in malvertising campaigns: it sends the browser to websites that carry aggressive online ads and that manipulate and cheat victims with bogus tech support scams, exploit kits, bogus software updates and so on. The Zeus Panda group combines SEO spam botnets with this older malvertising technique. The chain ends by delivering an MS Word document, the same kind of document that victims receive as spam email attachments.
When the user opens this Word file, it immediately starts running malicious hidden scripts in the background and installs a new version of the Zeus Panda banking Trojan. This hybrid SEO-malvertising Zeus Panda distribution was first discovered by Cisco Talos, which has released the complete technical details of the distribution campaign. It is a perfect example of cybercriminals using advanced techniques and refining their malware distribution methods.
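The chain described above (search result, hacked site, redirect, Word document) leaves a recognisable trail in web proxy logs. The following is an added example, not code from this page or from Cisco Talos: it flags clients whose Word download traces back through cross-site referers to a search click, and the log layout, hostnames and 60-second window are assumptions constructed for illustration.

```python
from urllib.parse import urlparse

SEARCH_HOSTS = {"www.google.com", "www.bing.com"}  # assumption: engines to watch
DOC_TYPES = {"application/msword",
             "application/vnd.openxmlformats-officedocument.wordprocessingml.document"}
WINDOW = 60  # assumption: seconds allowed between a chain hop and the download

# Constructed proxy log records: (epoch seconds, client, url, referer, content type)
SAMPLE_LOG = [
    (100, "10.0.0.5", "http://hacked-site.example/bank-hours", "https://www.google.com/search?q=bank+hours", "text/html"),
    (102, "10.0.0.5", "http://redirector.example/go", "http://hacked-site.example/bank-hours", "text/html"),
    (105, "10.0.0.5", "http://dropper.example/report.doc", "http://redirector.example/go", "application/msword"),
    (200, "10.0.0.9", "http://intranet.example/policy.doc", "http://intranet.example/hr", "application/msword"),
    (300, "10.0.0.7", "http://news.example/story", "https://www.bing.com/search?q=news", "text/html"),
]

def host(url):
    return urlparse(url).hostname or ""

def find_search_to_doc_chains(records, window=WINDOW):
    """Return (client, [urls]) chains that start at a search click and end in a Word download."""
    hits = []
    by_client = {}
    for rec in sorted(records):
        by_client.setdefault(rec[1], []).append(rec)
    for client, recs in by_client.items():
        seen = {}  # url -> (timestamp, referer) for requests already seen from this client
        for ts, _, url, referer, ctype in recs:
            seen[url] = (ts, referer)
            if ctype not in DOC_TYPES:
                continue
            # Walk the referer chain backwards from the document download.
            chain, cur = [url], referer
            while cur in seen and cur not in chain and ts - seen[cur][0] <= window:
                chain.append(cur)
                cur = seen[cur][1]
            # Flag only if the chain began at a search engine and crossed hosts.
            if host(cur) in SEARCH_HOSTS and len({host(u) for u in chain}) > 1:
                hits.append((client, list(reversed(chain))))
    return hits

if __name__ == "__main__":
    for client, chain in find_search_to_doc_chains(SAMPLE_LOG):
        print(client, " -> ".join(chain))
```

The intranet download in the sample is not flagged because its referer chain never reaches a search engine, which is the property that separates this delivery path from ordinary document downloads.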