ESET researchers have discovered and analyzed a previously undocumented server-side Trojan that manipulates search engine results by hijacking the reputation of compromised websites. The Trojan, named IISerpent, was discovered in May 2021, and its two main characteristics are that it is implemented as a malicious extension for the Internet Information Services (IIS) web server and that it uses techniques to manipulate search engine results pages (SERPs). IISerpent operators use a variety of search engine optimization (SEO) techniques in an attempt to improve the page rankings of third-party websites (probably the customers who pay these criminals).

IIS malware is a diverse class of threats used for cybercrime, cyber espionage, and SEO fraud, but in all cases its main objective is to intercept HTTP requests that reach the compromised IIS server and affect the way the server responds to some of these requests. IISerpent is implemented and configured as a malicious extension for IIS, Microsoft’s web server software. That allows the malware to intercept all HTTP requests made to websites hosted by the compromised server, and also to actively change the server’s HTTP responses.

To take security measures, we must know what the malware does, which is why it helps to understand how IIS malware operates and what its main functions are.

▸IIS backdoors allow their operators to remotely control the compromised computer with IIS installed.

▸IIS information stealers allow their operators to intercept normal traffic between the compromised server and its legitimate visitors and steal information such as login credentials and payment information.

▸IIS proxies turn the compromised server into an unintended part of the command and control infrastructure of another malware family.

▸SEO-related IIS malware modifies content served to search engines to manipulate SERP algorithms and boost rankings for other websites of interest to attackers.
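Because every type above is loaded as an IIS extension, a defender can start by inventorying the native modules the server is configured to load. The following is an added example, not code from ESET or from the original article: it parses the `<globalModules>` section of IIS's `applicationHost.config` and reports modules whose DLL sits outside an allow-listed directory. The sample configuration, the `ExampleCacheHelper` entry and the trusted-directory list are constructed assumptions.

```python
import ntpath
import xml.etree.ElementTree as ET

# Constructed sample of the <globalModules> section of applicationHost.config.
# The last entry (name and path) is invented for illustration.
SAMPLE_CONFIG = r"""
<configuration>
  <system.webServer>
    <globalModules>
      <add name="UriCacheModule" image="%windir%\System32\inetsrv\cachuri.dll" />
      <add name="StaticFileModule" image="%windir%\System32\inetsrv\static.dll" />
      <add name="ExampleCacheHelper" image="C:\inetpub\temp\cachehlp.dll" preCondition="bitness64" />
    </globalModules>
  </system.webServer>
</configuration>
"""

# Assumption: on this server, legitimate native modules live only here.
TRUSTED_DIRS = (r"%windir%\system32\inetsrv",)


def normalize(path):
    """Lower-case, unify common spellings of the Windows directory, collapse '..'."""
    p = path.strip().lower().replace("/", "\\")
    # Assumption: Windows is installed in C:\Windows.
    p = p.replace("%systemroot%", "%windir%").replace("c:\\windows", "%windir%")
    return ntpath.normpath(p)


def audit_global_modules(config_xml, trusted_dirs=TRUSTED_DIRS):
    """Return (name, image) for each native module loaded from outside trusted_dirs."""
    root = ET.fromstring(config_xml)
    findings = []
    for entry in root.iterfind("system.webServer/globalModules/add"):
        name = entry.get("name", "")
        image = entry.get("image", "")
        # Compare the normalized directory so '..' tricks and case do not slip through.
        if ntpath.dirname(normalize(image)) not in trusted_dirs:
            findings.append((name, image))
    return findings


if __name__ == "__main__":
    for name, image in audit_global_modules(SAMPLE_CONFIG):
        print(f"review: {name} -> {image}")
```

A module dropped directly into the trusted directory passes this check, so treat the result as a starting inventory and also verify the signatures of the listed DLLs.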
