Overview
Explore the intricacies of search engine deoptimization techniques employed by Gootloader in this 54-minute conference talk from BSidesLV 2021. Delve into the obstacles researchers face, the preparation involving compromised WordPress sites, and the malicious SEO tactics behind the scenes. Examine the search landing page swap, payload filename matching, target machine profiling, and the second-stage JavaScript installer. Investigate process hollowing, server infrastructure, and the implications for web users. Conclude by understanding why Gootloader's activities are ultimately Google's responsibility to address.
Syllabus
Intro
Obstacles to the researcher
Preparation: WordPress compromised
Search engine de-optimization
Behind the scenes: Malicious SEO
Search landing page: the swap
Payload filename matches search terms
Profile the target machine
Second stage JavaScript installer
Process hollowing
Server Infrastructure
What's a web user supposed to do?
Gootloader really is Google's problem
Taught by
BSidesLV