Get Permission A new malware loader dubbed "Gootloader" is using search engine optimization techniques to spread ransomware, Trojans and other malware, the security firm Sophos reports. The campaign is active in North America, South Korea, Germany and France, Sophos researchers say. To trick victims into visiting infected websites, "Gootloader uses malicious search engine optimization techniques to squirm into Google search results," Sophos notes. "These techniques are effective at evading detection over a network – right up to the point where the malicious activity trips over behavioral detection rules." When someone enters certain keywords into a Google search, they are shown the link to the malicious website. Once they visit the website, they are then prompted to download a zip file that installs Gootloader, which then loads REvil ransomware and the Gootkit and Kronos Trojans, the report notes.