Despite a growing need for SEO services, and despite evidence that optimisation techniques helped UK retailers weather the 2008-2009 economic meltdown, SEO as an industry still has a tarnished reputation. More people in business recognize its value, but to the public, it is a shady, quasi-ethical industry at best, and a dishonest, thieving scam at worst. Recent high profile cases, like the massive “Soldier” attack on major US corporations, only add to this misconception.
According to Trend Micro, a coordinated series of attacks by a cybercriminal identified as “Soldier” has cost corporations in the United States over $3.2 million since January 2011, and “organizations and individuals [are] vulnerable to future attack.” The US was not the only target; according to Trend Micro, over ninety countries were “hit by shrapnel.” The attacks were centered around blackhat SEO techniques that were used to drive traffic to malware-ridden websites; toolkits like ZeuS and SpyEye were used to siphon off an average of $17,000 a day for months.
How? SpyEye is a “banking Trojan,” and it can steal sensitive financial information, most commonly banking credentials. The cybercriminals could access data, including names, bank account numbers, credit card numbers, and more. Further, they acquired thousands of Facebook logins, Yahoo!, Google, and eBay credentials, which can further compromise consumers. Malware developers depend on SEO to drive traffic to infected sites, where these Trojans are stealth downloaded.
ZeuS, a similar malware program, has been found “in the wild,” according to Kaspersky Labs, and a modified version, called Ice IX has been making appearances as well. These are able to modify banking sites and get around security measures, which include two-factor identification, that are used to protect online banking sessions. Amit Klein, CTO of Trusteer, says, “Unlike the past, when financial institutions had to defend against a limited number of malware platforms, attacks can now come from virtually any malicious software program – old or new.”
Consumers are urged to ensure that their antivirus software is up-to-date and always log out of banking sessions. When you do, make sure you see a confirmation screen that tells you that you are properly signed out, and then close that browser window.