Today, many sites compromised today with the Blackmuscats conditional redirection, says Sucuri. Anyone visiting the hacked sites are being redirected to Fake Antivirus sites.
Researcher named this campaign as Blackmuscats because all the compromised sites have .htaccess redirections pointing to URL ending in “blackmuscats?5″.
Note that this is a conditional redirection, so you are only sent to the malware site if you are coming from a search engine, not if you visit the site directly.
" If someone visits a compromised sites by clicking on a search engine results page, you will be sent to one of those domains we listed above and then to www1.antivirusworrydanger.pl (and similar AV related domains)" Researcher says.
Researcher named this campaign as Blackmuscats because all the compromised sites have .htaccess redirections pointing to URL ending in “blackmuscats?5″.
Note that this is a conditional redirection, so you are only sent to the malware site if you are coming from a search engine, not if you visit the site directly.
" If someone visits a compromised sites by clicking on a search engine results page, you will be sent to one of those domains we listed above and then to www1.antivirusworrydanger.pl (and similar AV related domains)" Researcher says.