- Impact
- 3
I am not certain this is the best place for this but it seemed to be the most logical; if I presumed wrong, sorry, and mods feel free to move or close it.
SANS has a series of diary articles starting that is examining the large obfuscated PHP script used by RogueAV to get users to install malware. Although it rather glosses over the details, that includes the use of compromised machines to generate links for search engines to get its malware servers near the top of the search indexes for 'hot' keywords.
The link is to the first diary entry; there will be more entries in the future, per the author.
Here
SANS has a series of diary articles starting that is examining the large obfuscated PHP script used by RogueAV to get users to install malware. Although it rather glosses over the details, that includes the use of compromised machines to generate links for search engines to get its malware servers near the top of the search indexes for 'hot' keywords.
The link is to the first diary entry; there will be more entries in the future, per the author.
Here