In an effort to make online piracy less visible, search engines actively downrank and de-index pirate site domains.
This works, in the sense that it makes it harder for prospective pirates to bump into these sites though searches. It also created new problems and exacerbated others in the process.
Scams Galore
Since the top positions in search results are relatively free of well-known and generally more trusted pirate sites, malicious actors use this void to get piracy-related scams featured instead. To do so, they create keyword-filled pages using titles of high-demand content, paired with keywords such as ‘download’, ‘stream’, ‘free’, and so forth.
To increase the effectiveness of this tactic, the scammers try to get their shady promotions featured on reputable domain names, such as universities, IMDb, and social media platforms.
This is a problem we’ve highlighted previously, including frequent targeting and abuse of official European Union websites (europa.eu). The EU is taking countermeasures to limit the abuse but ending it permanently appears to be a challenge.
EU Subdomain Exploited
This week we discovered what is likely one of the more egregious exploits of the Europa.eu domain. As it turns out, scammers found a way to use a subdomain of the European Food Safety Authority (EFSA) website, mgmt-test.efsa.europa.eu, to promote their dubious schemes.
What was particularly concerning was the automatic redirection of users who clicked the link, to a scam website where they could ‘sign up‘ for an account. Those sites typically ask for credit card details, which may then be abused in the future.
Over the weekend, a site offering free access to a Super Bowl stream was particularly popular. Different variations appeared in search results, as shown below.
Similar promotions were seen from the same EFSA subdomain, linking to adult content including Onlyfans leaks, and traditional copies of pirated movies. Needless to say, people who stumbled upon these through search engines, didn’t get what they were looking for.
Previous scams typically involved uploaded PDF files or user-generated content containing links to scam sites. The recent exploit redirected visitors automatically, which presumably made it more effective.
EFSA Leak Fixed
After alerting EFSA, the organization was quick to address the issue and the affected subdomain was taken offline in a matter of hours. At the time of writing, the redirects are no longer active, and the associated pages have started to disappear from search engines.
Of course, this doesn’t mean that all will be fine from now on. Caution is certainly advised. Over the past few days, dubious content has been posted to other EU websites as well, including the European Social Fund+ and the Interoperable Europe website. And there will likely be more holes to patch going forward.
This problem isn’t limited to the EU websites either. GitHub continues to be targeted, and it wasn’t hard to spot these scams on other reputable sites, including those of the University of Melbourne and Taylor County in Texas.
Looking at the big picture, it’s ironic that piracy downranking measures by search engines like Google have inadvertently created an opportunity for scammers. They are now leveraging those same search engines by exploiting third-party sites.
From: TF, for the latest news on copyright battles, piracy and more.
Powered by WPeMatico
