BadIIS Strikes: DragonRank’s Sneaky SEO Scam Hits IIS Servers in Asia

Threat actors are targeting IIS servers in Asia with a campaign to install BadIIS malware. This SEO manipulation scam redirects users to shady gambling sites, proving that even hackers are trying to make a quick buck. Watch out for DragonRank, a group that makes SEO fraud look as easy as pie!

3P
Published: February 10, 2025 10:54 amAdded: February 10, 2025 at 3:12 amAssembled by: The Editor
Pro Dashboard

Hot Take:

***Oh, the irony of hackers using SEO for something other than optimizing cat memes. Who knew IIS servers could double as gambling promoters? Sounds to me like the hackers are just trying to bankroll their next Vegas vacation, one compromised server at a time!***

Key Points:

– Cybercriminals are targeting IIS servers in Asia to install BadIIS malware and manipulate SEO.
– The attack is financially motivated, redirecting users to illegal gambling sites.
– DragonRank, a Chinese-speaking group, is suspected behind the campaign, linked to Group 9 and Group 11.
– BadIIS malware alters HTTP response headers to redirect users based on certain keywords.
– The Funnull CDN is involved in infrastructure laundering, using IPs from AWS and Azure for criminal activities.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?