One of the most scariest things about malware is that you probably don’t know it’s there. Online criminals use stealth tactics to maximize their strategies. They plan on the malicious scripts they place on sites are never found. Site owners go about their business, creating and publishing great content, while in the background their infected sites dispense malware and display content while the owners have no clue.
SEO spam is content or links injected into web pages with the intention of hijacking a site’s good standing with the search engines to increase the ranking of another site, often a site peddling counterfeit good, pharmaceuticals, or pornography.
SEO spam malware will insert links to the criminal’s sites with keyword-rich anchor text, in the hope that Google will credit those links when ranking the target site. Of course, if a WordPress site owner sees that their site’s header or footer is full of these links, or that their site appears to contain pages of content that they have not created, they’ll be alerted that not all is as it should be. In fact, often it’s in the interest of the malware creators to hide their injected content from everyone except search engine crawlers, which is why much of the malware that infects WordPress sites is conditional.