While SEO best practices help brands reach the widest possible audiences by garnering more web traffic, these same tactics can also be leveraged to help cyber-criminals reach the most victims.
In the case of a Windows Movie Maker scam, cyber-criminals used their SEO skills to drive a modified version of the now defunct software, delivered from the bad guy's site, to the top of Google's rankings resulting in the malware quickly spreading. When downloaded the malware does nothing to the computer, but attempts to convince the victim to buy the "full" version of the software for $29.95 (£23).
The threat actors do such a good job of SEO that the modified version of Movie Maker also placed first on Bing, which has the second largest global market share and on the first page of other search engines, ESET researchers said in a 9 November blog post.
The once popular free-editing software was discontinued by Microsoft in January 2017, but evidently not everyone received the news as searches have continued resulting in the malware being downloaded in Israel, the Philippines, Finland and Denmark. Researchers said that as of 5 November the malware was the third most detected threat worldwide and the number one threat in Israel.
When users install the modified software, the person does get a fully functioning version of Windows Movie Maker however, the malicious version claims only to be a free trial version and the scam comes in to play as the malware offers to up sell the victim the “full version” for $29.95.
The threat actors attempt the up sell at two points. First with the software is opened, next when the victim tries to save their work making it appear as if the upgrade is required to access the most basic features.
Researchers recommend users use reliable security solutions to detect and block malicious content, consider the official replacements for discontinued products, and not pay for software that is or was officially offered for free. Both Google and Microsoft were notified of the incident.