DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects
Feb 10, 2025
Malware / Web Security
Threat actors have been observed targeting Internet Information Services (IIS) servers in Asia as part of a search engine optimization (SEO) manipulation campaign designed to install BadIIS malware. "It is likely that the campaign is financially motivated since redirecting users to illegal gambling websites shows that attackers deploy BadIIS for profit," Trend Micro researchers Ted Lee and Lenart Bermejo said in an analysis published last week, Targets of the campaign include IIS servers located in India, Thailand, Vietnam, Philippines, Singapore, Taiwan, South Korea, Japan, and Brazil. These servers are associated with government, universities, technology companies, and telecommunications sectors. Requests to the compromised servers can then be served altered content from attackers, ranging from redirections to gambling sites to connecting to rogue servers that host malware or credential harvesting pages. It's suspected that the activity is the work of a Chinese-s...