SEO Black Hat and distribution of malware by creating pages on lots of sites targeting the name of my site

My WordPress site is under a black hat SEO attack. They're creating many HTML pages using my site name, such as the following URLs, with my site title and description.

  • https://aaa.example111.it/my-site-name.html
  • https://bbb.example22222222.it/my-site-name.html
  • https://ccccc.example333.it/my-site-name.html

If you click the links in the Google search results, it first displays 'checking your browser before accessing', then redirects to the malware site zvideo-live.com. Please see the attached list (although it is in Japanese).

What's happening is very similar to the 'Japanese keyword hack', but the difference is that my site has not been hacked and they are using other domains for this. (I thoroughly checked my site and the Google tools.) Actually, users don't have any problems as long as they click my site's domain in the Google search results, but my site and domain are very new, most of the search results are occupied by these phishy sites, and it's annoying.

I made abuse reports to Google and to OVHcloud, the domain company, but malicious pages on new domains are being added every day and it's very hard to keep doing this.

Following is the list of domains the hackers are using (as far as I can detect).

acquariobeb.it areaformativaliceomiranda.it brandoleseconsulenza.it byogastudio.it calabriamediterranea.it cmtservicesrl.it computerassistancesas.it domusvenetia.it fabioviglionephotography.it flanweb.it gabriellaricciocoach.it geniusdomus.it gpad.it granfondovalledelnisi.it lamonicaservizi.it macellerialimonenicola.it onmiccatania.it orsiinchianti.it pizzapadellino-slap-torino.it retedinapoli.it ristorantelafollia.it studiobaldin.it teatrokoine.it triede20.it xtecna.it zancleartecontemporanea.it 

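An added example, not part of the post above: a small POSIX shell helper that records the HTTP redirect chain of one of these doorway pages so the hops can go straight into the next abuse report. It assumes the page name from the post (my-site-name.html) and that curl is installed. The 'checking your browser' interstitial is normally a JavaScript redirect, which curl does not follow, so the fetched body is also checked for that phrase instead of relying on the Location headers alone.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Records the HTTP redirect hops of a suspected doorway page and flags the
# "checking your browser" interstitial, which is a JavaScript redirect that
# curl will not follow by itself.
PAGE=my-site-name.html          # page name from the post; adjust for your site

# Read a raw header dump (as produced by `curl -D -`) on stdin and print the
# Location value of every hop, one per line, in order.
redirect_hops() {
    tr -d '\r' | awk 'tolower($1) == "location:" { print $2 }'
}

# Read an HTML body on stdin; succeed if it carries the cloaking interstitial.
has_interstitial() {
    grep -qi 'checking your browser'
}

# Live check for one host (network needed). Uses a browser-like User-Agent,
# because doorway pages often serve a clean page to curl's default one.
# Prints the hop list, then "INTERSTITIAL" if the final body has the phrase.
doorway_report() {
    host=$1
    hdr=$(mktemp) && body=$(mktemp) || return 1
    curl -sS -L --max-redirs 5 -A 'Mozilla/5.0' \
        -D "$hdr" -o "$body" "https://$host/$PAGE"
    redirect_hops < "$hdr"
    has_interstitial < "$body" && echo INTERSTITIAL
    rm -f "$hdr" "$body"
}

# Usage: doorway_report acquariobeb.it
# Whole list: for h in $(cat domains.txt); do echo "== $h"; doorway_report "$h"; done
```

The hop list plus the interstitial flag is the evidence the registrar and hosting abuse desks ask for; re-running the loop daily over the domain list keeps the report current as new hosts appear.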

HELP Google Search Console Flagged As Malware

Hi, I'm having an issue with my website being flagged as malware. Any help in figuring out why this is happening would be greatly appreciated.
Attached are 2 images, but bigger files (which exceed the upload limit) are on a help post on Facebook:
https://www.facebook.com/groups/598343080590393/permalink/1040309146393782/

Not sure if this is the right place to post this.


Is it safe to pg_dump and pg_restore a new postgres database that has malware?

I'm pretty sure there is a crypto bot eating up my CPU through a postgres script. I would like to create an entirely new VM and move my database to it using pg_dump and pg_restore. I already checked my postgres for new users, tables and databases; I couldn't find anything odd there which could compromise me if I move my data. I'm a little worried, however, because the bot is somehow getting access to my postgres and nothing else on my VM.

Thank you for the help.
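An added example, not from the post above: a POSIX shell flow for moving the data while leaving behind every object type that can carry executable code. It relies on pg_dump's custom archive format and on the fact that pg_restore -L honours an edited table of contents in which lines starting with ';' are ignored. Database names and the dump path are placeholders. Roles and grants are deliberately not restored (--no-owner, --no-privileges), since the old server's role set is exactly what you do not trust.

```shell
#!/bin/sh
# Added example, not from the original post. Dump in custom format, list the
# archive's table of contents, comment out every entry type that can carry
# code or rights, and restore only from the filtered list.

# Object types that execute code or grant rights; dropped from the restore and
# reviewed by hand instead.
CODE_TYPES='FUNCTION|PROCEDURE|AGGREGATE|EXTENSION|EVENT TRIGGER|TRIGGER|RULE|ACL|DEFAULT ACL'

# Read a `pg_restore -l` listing on stdin; write the same listing with every
# code-carrying entry turned into a ';' comment, which pg_restore -L ignores.
# TOC entry lines look like: "12; 1255 16384 FUNCTION public miner() postgres"
filter_toc() {
    sed -E "s/^([0-9]+; [0-9]+ [0-9]+ (${CODE_TYPES}) )/;\\1/"
}

# Print the entries the filter commented out (archive comments start with "; ").
dropped_entries() {
    grep -E '^;[0-9]+; '
}

# Full flow; needs a reachable source and destination server.
migrate() {
    src=$1
    dst=$2
    dump=${3:-/tmp/$src.dump}
    pg_dump -Fc -d "$src" -f "$dump"
    pg_restore -l "$dump" > "$dump.toc"
    filter_toc < "$dump.toc" > "$dump.safe.toc"
    echo "Entries left out of the restore (review each before trusting the data):"
    dropped_entries < "$dump.safe.toc"
    pg_restore -L "$dump.safe.toc" --no-owner --no-privileges -d "$dst" "$dump"
}
# Usage: migrate mydb mydb_new
```

After the restore, recreate the application role with a new password on the new VM and keep port 5432 off the public interface; the data itself (tables, sequences, indexes, constraints) comes over untouched, while anything in the dropped list that the application genuinely needs can be re-applied from its own source code rather than from the old server.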

Monit Malware prevention

I recently noticed that my website had been hacked with a plugin that was forcibly added to my WordPress site, called "Monetization Plugin". I am working on cleaning the site at the moment, but am curious as to how to prevent something like this from happening again. I have 2 anti-malware plugins that were already running on the site previously. There are online articles and forums that I found about the redirection malware and how to clean it, but not about how the attack is performed in the first place. Any idea as to how this attack occurs, so one can know how to prevent it in the future?
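An added example, not from the post above: a POSIX shell scan for the traces a forced plugin install leaves behind. Such installs normally come in through a vulnerable plugin or theme, a stolen administrator login, or files the web server user can write; whichever way it was, the result on disk is a plugin directory the owner never installed, PHP files with recent modification times, and obfuscated payload code. The allow-list file and site root are assumptions (paths are placeholders).

```shell
#!/bin/sh
# Added example, not from the original post. Finds the on-disk traces of a
# rogue plugin install in a WordPress tree. Paths are placeholders.

# 1. Plugin directories not on the owner's allow-list (one slug per line).
unexpected_plugins() {
    allow=$1
    root=$2
    for d in "$root"/wp-content/plugins/*/; do
        [ -d "$d" ] || continue
        slug=$(basename "$d")
        grep -qx "$slug" "$allow" || echo "$slug"
    done
}

# 2. PHP files changed within the last N days (default 14) anywhere in the
#    tree, including uploads/, where PHP has no business being.
recent_php() {
    find "$1" -type f -name '*.php' -mtime -"${2:-14}"
}

# 3. Obfuscation idioms used by redirect/monetization payloads: eval chains,
#    encoded blobs, and request parameters called as functions.
PAYLOAD_RE='eval[[:space:]]*\(|base64_decode[[:space:]]*\(|gzinflate[[:space:]]*\(|str_rot13[[:space:]]*\(|create_function[[:space:]]*\(|\$_(GET|POST|REQUEST|COOKIE)\[[^]]{1,40}\][[:space:]]*\('
suspicious_php() {
    find "$1" -type f -name '*.php' -exec grep -lE "$PAYLOAD_RE" {} +
}

scan() {
    root=$1
    allow=$2
    echo "== plugins not on the allow-list";          unexpected_plugins "$allow" "$root"
    echo "== PHP files modified in the last 14 days"; recent_php "$root"
    echo "== PHP files with obfuscated code";         suspicious_php "$root"
}
# Usage: scan /var/www/html /root/wp-allowed-plugins.txt
```

Expect some false positives from the third check (a few legitimate plugins decode base64 data), so treat it as a review list. If WP-CLI is installed, `wp core verify-checksums` and `wp plugin verify-checksums --all` compare the installed files against the official packages and catch edits inside otherwise legitimate plugins that this pattern scan would miss. For prevention, the same three checks run from cron give an early warning the anti-malware plugins did not: a plugin that appears out of nowhere is visible within a day.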

Using other programming languages for malware against EDR?

As an example, one of the most basic pieces of malware that injects into a process to get a C2 beacon goes like this:

Get Handle of a process -> VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread 

Now, writing this in C/C++ is quite natural, as it can easily call the WinAPI. Are there any benefits in writing this in another programming language such as Golang or Rust to fight against EDR, not just an AV with static analysis checks? More specifically, EDRs that hook those WinAPI calls with a JMP?

My question comes from the rise of .NET and C#, with a lot of use cases such as using the LOLBAS csc.exe to compile on the machine, or execute-assembly to load .NET assemblies into unmanaged code space or processes. However, this still uses the WinAPI via P/Invoke (and now D/Invoke).

  1. Are there any benefits in using another programming language to call WinAPI functions to fight against EDR?
  2. Are there any other ways of creating malware (e.g. a dropper) besides calling the WinAPI?
  3. As with .NET and C#, will there be a new rise in other existing languages such as Go or Rust?

can someone please tell me how can we download malware pcap in ubuntu VM in microsoft azure?

I tried to download a malware pcap on an Ubuntu VM in Microsoft Azure through PuTTY, but it is not allowing me to do so. It gives the following output:

  2016-12-17-traffic-analysis-exercise.pcap.zip: Permission denied
  Cannot write to '2016-12-17-traffic-analysis-exercise.pcap.zip'


Is there any chance of local PC getting infected when you analyse PCAP malware file in cloud server through putty?

I want to run a malware pcap to test Snort on my cloud server. I want to know whether doing so will affect my local machine.
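An added example, not from either of the two Azure posts above, covering both: wget's "Permission denied / Cannot write to '<file>'" is about the local directory it is writing into, not about the download itself; the SSH session has landed in a directory the login user cannot write to, or a stale copy owned by another user is already there. The script below writes the archive to a directory you own, checks the archive's entries before extracting, and runs Snort on the pcap offline. Snort in -r mode only parses the file, nothing is replayed on the network, and the PuTTY session only carries terminal text back to the local PC; the VM is the blast radius, which is the point of doing it there. The URL and the Snort configuration path are placeholders.

```shell
#!/bin/sh
# Added example, not from either post. Download a pcap archive into a
# writable directory, inspect it, and analyse the pcap offline with Snort.
# The URL and SNORT_CONF are placeholders.

SNORT_CONF=${SNORT_CONF:-/etc/snort/snort.conf}

# Create (if needed) and verify a writable download directory; print its path.
pick_download_dir() {
    dir=${1:-$HOME/pcaps}
    mkdir -p "$dir" || return 1
    [ -w "$dir" ] || { echo "cannot write to $dir (try: ls -ld $dir)" >&2; return 1; }
    printf '%s\n' "$dir"
}

# Read archive entry names on stdin; succeed only if there is at least one
# entry and every entry is a .pcap (no executables, no nested archives).
only_pcap_entries() {
    names=$(cat)
    [ -n "$names" ] || return 1
    ! printf '%s\n' "$names" | grep -vqE '\.pcap$'
}

# Download with an explicit output path inside the chosen directory.
fetch_zip() {
    url=$1
    dir=$(pick_download_dir "$2") || return 1
    out="$dir/$(basename "$url")"
    wget -O "$out" "$url" && printf '%s\n' "$out"
}

# Inspect, extract and analyse. -r reads the pcap; nothing is sent anywhere.
analyse_zip() {
    zip=$1
    dir=$(dirname "$zip")
    unzip -Z1 "$zip" | only_pcap_entries || { echo "unexpected entries in $zip" >&2; return 1; }
    unzip -o -d "$dir" "$zip"     # add -P <password> if the archive is password-protected
    for p in "$dir"/*.pcap; do
        snort -q -c "$SNORT_CONF" -r "$p" -A console
    done
}

# Usage (placeholder URL):
# z=$(fetch_zip "https://example.invalid/2016-12-17-traffic-analysis-exercise.pcap.zip" ~/pcaps) && analyse_zip "$z"
```

Extracted pcaps contain the malicious payloads as raw bytes, so never copy them back to the local PC and open them with a parser there; keep the analysis on the VM and carry only Snort's text output (or a screenshot of it) back over the session.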

Virus / malware stored inside database

I have a small network of several Windows 10 machines (all protected by BitDefender 2020 Total Security), one of which acts as a server with a Firebird database.

For some time the database has been deteriorating: in some random records some fields have altered values. I completely replaced the server machine with a brand new one with a fresh Windows 10 installation and antivirus, on which the database was recreated from a GBK archive. The primary machine was carefully checked for RAM errors (with MemTest86) and SSD errors (CrystalDiskInfo and ADATA SSD ToolBox); everything was 100% fine.

I don't have any suspicions other than that the server was hacked, but it looks like the alleged malware/virus must travel inside the database (even in the packed GBK archive), because only the GBK file was moved to the new machine (on a verified pendrive).

Is it even possible that the virus is stored inside the database (e.g. in the form of stored procedures, etc.) and that it transfers with the GBK archive? If so, how do I detect and remove it from the database?

(The Firebird database is stored as a single FDB file, which was scanned by BitDefender without any results.)
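An added example, not from the post above: what a GBK backup carries is the database metadata, so triggers, stored procedures and external-UDF declarations come back with every gbak restore, while an external UDF's library (.dll) itself does not; it has to be present in the server's UDF directory. A trigger that rewrites columns on INSERT or UPDATE is therefore exactly the kind of thing that survives the move, and an audit of user-defined code in the system tables is the way to find it. The shell helpers below generate the isql queries and flag UDF declarations pointing at modules other than the ones shipped with Firebird. Credentials, the isql path (on Windows it is isql.exe in the Firebird bin directory) and the known-module list are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Lists user-defined triggers,
# procedures and function declarations in a Firebird database and flags UDFs
# whose module is not a Firebird-supplied library. Credentials are placeholders.

FB_USER=${FB_USER:-SYSDBA}
FB_PASS=${FB_PASS:-masterkey}          # placeholder; use the real password
KNOWN_UDF_MODULES='ib_udf fbudf'       # libraries shipped with Firebird

# SQL listing every non-system trigger, procedure and function declaration.
audit_sql() {
    cat <<'SQL'
SET LIST OFF;
SELECT RDB$TRIGGER_NAME, RDB$RELATION_NAME, RDB$TRIGGER_TYPE, RDB$TRIGGER_INACTIVE
  FROM RDB$TRIGGERS WHERE COALESCE(RDB$SYSTEM_FLAG, 0) = 0;
SELECT RDB$PROCEDURE_NAME FROM RDB$PROCEDURES WHERE COALESCE(RDB$SYSTEM_FLAG, 0) = 0;
SELECT RDB$FUNCTION_NAME, RDB$MODULE_NAME, RDB$ENTRYPOINT
  FROM RDB$FUNCTIONS WHERE COALESCE(RDB$SYSTEM_FLAG, 0) = 0;
SQL
}

# Run the audit against a database file with isql.
run_audit() {
    audit_sql | isql -u "$FB_USER" -p "$FB_PASS" "$1"
}

# Read the RDB$FUNCTIONS result on stdin and print every function whose module
# is not a known library: external UDFs pointing at an unfamiliar DLL, and
# (on Firebird 3+) PSQL functions, which show "<null>" as their module.
flag_unknown_udfs() {
    awk -v known="$KNOWN_UDF_MODULES" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        /^(RDB\$|=|$)/ { next }          # skip header, underline and blank lines
        NF >= 2 && !($2 in ok) { print $1, $2, $3 }'
}

# Usage: run_audit C:\data\shop.fdb            (review triggers and procedures by hand)
#        run_audit C:\data\shop.fdb | flag_unknown_udfs
```

Anything flagged can be inspected with `SHOW TRIGGER <name>`, `SHOW PROCEDURE <name>` and `SHOW FUNCTION <name>` in isql and, if it is not yours, removed with DROP before the next backup is taken. Repeating the audit on the freshly restored copy tells you whether the object came over in the GBK, which is the question the post asks.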

What are the most tolerable options for a more general public type not to be victimized by malware?

I've talked with a new friend who is fairly bright and can do some interesting things programming Office applications, but whose technical abilities don't include infosec. And he got bitten by nasty malware.

I'm wondering what options might be most productive to offer him. I'm not sure it's realistic to repel every dedicated assault, but cybercriminals often look for someone who would be an easy kill, and (perhaps showing my ignorance here) I think it could be realistic to make a system that's hardened enough not to be an easy kill.

Possibilities I’ve thought of include:

  1. Windows 10 with the screws turned down (how, if that is possible?).

  2. Mint or another Linux host OS for what can be done under Linux, and a VMware or VirtualBox VM that is used for compatibility and can be restored if the machine is trashed.

  3. Migrating to a used or new Mac, possibly with a Windows virtual machine, though most people using Macs don't complain that they are missing things.

  4. Perhaps, along with one of the technical setups, point my friend to user education saying things like "Don't download software that you hadn't set out to get. The price of Marine Aquarium, $20 up front, is dwarfed by the hidden price tags of adware and spyware offering a free aquarium screensaver."

This is not an exhaustive list, although it's what I can think of now. I've had a pretty good track record of not engaging malicious software, and I think it can be learned (and that documentation on online safety would be taken very, very seriously).

What can I suggest to my friend for online safety?