A newly uncovered cyber campaign has been observed exploiting Internet Information Services (IIS) vulnerabilities to distribute malware known as BadIIS.
The attack, affecting several Asian countries, manipulates search engine optimization (SEO) results to redirect users to illegal gambling sites or malicious servers.
Widespread Impact and Financial Motivation
According to Trend Micro’s findings, the attack is financially driven, as many victims are redirected to illicit gambling websites. The campaign has already impacted India, Thailand and Vietnam, with potential threats extending to the Philippines, Singapore, Taiwan, South Korea, Japan, Brazil and Bangladesh.
Compromised IIS servers belong to organizations in various sectors, including government agencies, universities, technology firms and telecommunications companies. Researchers suspect the malware is linked to Chinese-speaking threat actors, based on extracted domain data and Chinese-language code strings found in the samples.
How BadIIS Operates
Once installed, BadIIS alters HTTP responses, leading to two primary outcomes.
- In SEO fraud mode, the malware checks the user’s search history and redirects traffic to illegal gambling sites when visitors arrive from search engines such as Google, Bing and Baidu
- In injector mode, it injects malicious JavaScript into web pages, rerouting unsuspecting users to attacker-controlled sites that host malware or phishing schemes
To ensure success, attackers use keywords from search portals to determine whether a visitor is a genuine user or a search engine bot. The malware then manipulates the HTTP response to mislead SEO trackers and maximize visibility for illegal content.
Strengthening IIS Security Against Attacks
With IIS being widely used across enterprises, securing these servers is critical. Trend Micro recommends the following measures:
- Regularly update and patch IIS servers
- Monitor for unauthorized IIS module installations
- Restrict administrative access with strong passwords and multi-factor authentication (MFA)
- Implement firewalls to filter suspicious network traffic
- Continuously review IIS logs for signs of compromise
- Disable unnecessary services to minimize vulnerabilities
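As an added example (not code from the article or from Trend Micro's report), the Python script below turns the two behaviours described under "How BadIIS Operates" into the kind of log review the last recommendations call for: it parses IIS W3C extended log lines and flags visitors arriving from Google, Bing or Baidu who are answered with a redirect, and URIs whose response size differs sharply between crawler and browser user agents (cloaking). The field set, the 2x size threshold and the log lines are assumptions and constructed sample data; sc-bytes is not in the default IIS logging fields and must be enabled.

```python
import re
from urllib.parse import urlparse

SEARCH_ENGINE_HOSTS = ("google.", "bing.com", "baidu.com")   # referers of interest
CRAWLER_UA = re.compile(r"googlebot|bingbot|baiduspider", re.I)

def parse_w3c(text):
    """Parse W3C extended log text; the #Fields: directive names the columns."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            rows.append(dict(zip(fields, line.split())))
    return rows

def from_search_engine(referer):
    host = urlparse(referer).netloc.lower()
    return any(h in host for h in SEARCH_ENGINE_HOSTS)

def find_suspicious(rows):
    findings = []
    # Signal 1: a visitor arriving from a search engine is answered with a redirect.
    for r in rows:
        if from_search_engine(r["cs(Referer)"]) and r["sc-status"].startswith("30"):
            findings.append(("search-referer-redirect", r["cs-uri-stem"], r["c-ip"]))
    # Signal 2: the same URI is served with a very different size to crawlers than
    # to browsers, i.e. cloaked content (assumed threshold: more than 2x).
    sizes = {}
    for r in rows:
        kind = "bot" if CRAWLER_UA.search(r["cs(User-Agent)"]) else "user"
        sizes.setdefault(r["cs-uri-stem"], {}).setdefault(kind, []).append(int(r["sc-bytes"]))
    for uri, by_kind in sizes.items():
        if "bot" in by_kind and "user" in by_kind:
            bot, user = max(by_kind["bot"]), max(by_kind["user"])
            if max(bot, user) > 2 * min(bot, user):
                findings.append(("crawler-cloaking", uri, f"bot={bot} user={user}"))
    return findings

# Constructed sample log (not real traffic); IIS encodes spaces inside fields as '+'.
SAMPLE_LOG = """#Fields: date time c-ip cs-method cs-uri-stem sc-status sc-bytes cs(User-Agent) cs(Referer)
2025-02-10 08:00:01 203.0.113.5 GET /index.html 302 310 Mozilla/5.0+(Windows+NT+10.0)+Chrome/120 https://www.google.com/search?q=campus
2025-02-10 08:00:02 198.51.100.7 GET /index.html 200 21000 Mozilla/5.0+(compatible;+Googlebot/2.1) -
2025-02-10 08:00:03 203.0.113.9 GET /index.html 200 9200 Mozilla/5.0+(Windows+NT+10.0)+Chrome/120 -
2025-02-10 08:00:04 203.0.113.9 GET /about.html 200 4100 Mozilla/5.0+(X11)+Firefox/121 https://www.bing.com/search?q=about
"""

def analyze_sample():
    return find_suspicious(parse_w3c(SAMPLE_LOG))
```

Run `analyze_sample()` against the constructed log to see both signals fire on /index.html while /about.html, which only browsers requested, stays clean.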
With attackers evolving their tactics, IT teams must remain vigilant in monitoring and securing their web infrastructure against threats like BadIIS.