Gumblar malware poisoning Google searches, exploiting websites
Friday, May 15, 2009
Attacks from a virus called Gumblar have increased dramatically in the first weeks of May as it spreads rapidly to infect new PCs. Malware uploaded to PCs by the attacks forcibly redirects Google search page results to malicious websites, which perpetuate the virus, security researchers said.
Gumblar exploits bugs in Adobe Flash and PDF to install malware which steals FTP credentials and creates a back door and take control of the infected computer. Once the PC has been hijacked, the malware launches a man-in-the-middle attack to poison Google search results in Internet Explorer, researchers said.
The stolen FTP credentials are used to compromise any websites owned or operated by the victim, according to eWEEK. More victims are infected by encountering a compromised site, which so far totals more than 1,500 sites including Tennis.com, Variety.com and Coldwellbanker.com, eWEEK reported.
Google began delisting the malicious sites appearing in search engine results when the attacks were first spotted in March, but the hackers have responded by using different IP addresses.
Gumblar attacks, named for the domain gumblar.cn involved in the attacks, are sometimes accompanied by malicious iframes that load exploits and malware from domains hosted in Latvia. The gumblar.cn domain has a Moscow IP, researchers said.
Related News:
Conficker still a threat to web security - 3.18.2010
The Conficker worm was by far the most notorious piece of malware in 2009 for several reasons. Not only did it receive media attention and infect more computers than any other strain, according to Katonda, a business technology website, it reminded web security professionals of bygone days when major epidemics were the norm.
Network security update not responsible for crashes - 2.24.2010
Reports of the so-called "blue screen of death" following the installation of the latest Microsoft security update are the result of malware, not a defect in the update.
Botnets and Chuck Norris take aim at network security - 2.22.2010
Last week, word spread of the Kneber botnet compromising more than 2,000 computers worldwide. With the start of a new week comes more malware attacks plaguing the web community. The so-called "Chuck Norris" botnet is attacking routers and DSL modems by guessing commonly used passwords.
Web security company warns of scareware's risk - 2.19.2010
The rise in scareware attacks and cyber criminal behavior in general forced DynaSis, an IT services company, to issue a warning to its users about the threat of fake anti-virus software infecting their computers on Friday.
Age-old trick with brand-new target - 1.18.2010
Cyber criminals have turned to a scam from the early days of the internet to target the growing smartphone market: Trojan phone dialers.
|
