
Gumblar Attack Diverting Online Users from Google Results to Malicious Pages

According to ScanSafe, a new website-hijacking campaign is trying to implant Google-focused software on vulnerable computers.

The security company has revealed that the malicious code uses drive-by attacks that exploit vulnerabilities in Adobe Flash and PDF to infect users' computers. Once installed on the system, it tries to seize File Transfer Protocol (FTP) details and create a backdoor into the system.

Finally, the malicious code launches a man-in-the-browser attack and replaces legitimate Google search results with fake links pointing to compromised pages.

ScanSafe refers to these as "Gumblar attacks" because they are associated with the domain name "gumblar.cn". So far, over 1,500 sites have been compromised, including Variety.com, Coldwellbanker.com and Tennis.com. The number of attacks has grown nearly 88% since the second week of May 2009, said the security company.

Mary Landesman, Senior Security Researcher at ScanSafe, says that attacks of this kind are seeing unprecedented growth, which is a matter of great concern for security companies, as reported by The Register on May 14, 2009.

Landesman also wrote in a blog post that the cyber criminals behind the Gumblar attack had learned the art of morphing its features quickly, as reported by eWeek.com on May 14, 2009. This and other characteristics of the Gumblar attack are making it spread more quickly than others.

According to security experts, there is separate exploit code for each website, which makes identifying compromised websites extremely difficult. The attack can only be discovered when someone accidentally comes across the infected website. Moreover, the attack involves obfuscated JavaScript that is inserted into the website's source code to exploit flaws in a visitor's Adobe Flash and Reader programs. Consequently, the victim's computer joins a botnet that changes Google search results.

The objective behind these attacks is to steal money from profitable advertising franchises. Because fake ads and links are inserted into certain searches, infected users get results that differ from what they should have been.

Hence, users who think that their websites have been compromised are advised to first clean their systems of malware by changing the FTP account passwords. They should also install updated security software.


» SPAMfighter News - 5/19/2009
