Abstract:
The financial damage caused by fake E-commerce scams has been on the rise. Multiple research reports indicate that some threat actors behind scams of this type install malware on compromised websites for black-hat search-engine-optimization (SEO) purposes. The malware conducts SEO poisoning, making search engines display the actors' lure pages as if these were placed on the compromised websites. The lure pages then redirect visitors arriving from search engines to fake E-commerce sites, potentially victimizing them. In this study, we focus on the threat actors using this tactic. To understand the relationships between the malware families used, we collected 1,242 Command and Control servers from 6 malware families and 227,828 fake E-commerce sites from these servers. Subsequently, we analyzed them using Maltego, a well-known link analysis tool. The results indicate the possibility that three groups each operate only a single, unique malware family while a certain group operates multiple malware families, and they also give significant insights into the malware families.
Date of Conference: 06-08 November 2024
Date Added to IEEE Xplore: 29 November 2024