One vulnerable web site may be able to fulfill a number of cyber criminal organizations, each one altering the site to serve its own purposes.
In many cases, websites end up compromised and altered to lead visitors to domains that push fake antivirus programs, which lately have become a great way for criminals to earn a big payday, security researchers found.
Once they overtake the site, the attackers rely on Blackhat SEO techniques to increase traffic to their fake programs, said researchers at Zscaler.
In order to do this, they set up two different pages on the compromised domain. First, they create a spam page that search engines, security scanners and blacklisting mechanisms see as harmless. This page doesn’t contain any obfuscated code and performs the redirect via a PHP or .htaccess file.
The second page is the one that contains the redirect to a site in charge of performing the attack on users.
While in most cases users can protect themselves against such attacks by utilizing a lot of common sense and reliable security solutions, website administrators and owners should also act responsibly and check their websites as often as they can for any type of misuse.