Popular WordPress SEO Plugin Fixes XSS Bug

The Yoast WordPress SEO plugin, which has been downloaded more than 14 million times, has a serious cross-site scripting vulnerability that can allow an attacker to force a vulnerable site to execute arbitrary HTML code. The bug may have been reported to the plugin’s developer as long as two years ago, but it was still […]

The Web sites of some of the nation’s top universities were discovered to be serving up links to bogus online stores offering everything from popular software by Microsoft to student visas and Viagra, according to a report from security firm zScaler.

Online scam artists are using black hat search engine optimization (SEO) techniques to push more than just malicious software. In fact, SEO is increasingly being used to drive traffic to a range of phony Web based search engines that are feeding cost-per-click advertising scams, according to a blog post from Web security firm zScaler.

By Bradley Anstis, Marshal8e6
While search engine optimization (SEO) is becoming one of the must do’s for companies that are trying to improve theirsite ranking in search engines like Google and Yahoo, it’s also increasingly becoming a trick of the trade for spammers and malware authors looking to drive traffic to their own infected websites or websites they might have hacked with their malware.
Like any owner of a website, criminals are interested in directing as much traffic as possible to their pages in order to distribute content and increase potential profits. Of course, in their case, the content that they are pushing is malware that aims to use their unsuspecting victim’s computer to send spam, launch denial of service attacks or steal valuable information from other users, such as online banking passwords and credit card numbers. The financial goals are nothing new, but the technique shows the growing sophistication of the spammer and malware author community.  

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.