Gumblar Attack Diverting Online Users from Google Results to Malicious Pages
According to ScanSafe, a new campaign of websites hijack is trying to implant Google focused software on vulnerable computers.
The security company has revealed that the malicious codes use drive-by attacks that exploit vulnerabilities in Adobe Flash and PDF to infected users' computers. After installing on the system, it tries to siege File Transfer Protocol (FTP) details and create a backdoor path in the system.
Finally, the malicious code launches man-in-the browser attack and replaces the lawful Google search results with fake links pointing to compromised pages.
ScanSafe has referred the attack as "Gumblar attacks" because it is associated with the domain name "gumbler.cn". Until now, over 1,500 sites have been compromised, including Variety.com Coldwellbanker.com and Tennis.com. The number of attacks has grown nearly 88% since the second week of May 2009, said the security company.
Mary Landesman, Senior Security Researcher, ScanSafe, says that such kinds of attacks witness unprecedented growth which is a subject of great concern for the security companies, as reported by The Register on May 14, 2009.
Landesman also wrote in a blog post that the cyber criminals behind the Gumblar attack had learned the art of morphing its features quickly, as reported by eWeek.com on May 14, 2009. This feature and other characteristics of Gumblar attack are making it to spread more quickly than others.
The objective behind the launching of these attacks is to steal money from profitable advertising franchises. Due to the insertion of fake ads and links in certain searches, infected users get results which are different from what they should have been.
Hence, users are recommended that if they think that their websites have been compromised, they should first clean off their system from malware by changing the FTP account passwords. They should also install updated security software.
Related article: Gumblar Virus Infects Five Company Websites
» SPAMfighter News - 19-05-2009