Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


URL Distributing Gumblar is No.1 Malware Site Says Google

Google in its just released list, delineating the ten most malicious websites, ranks the site pushing the Gumblar attack as the top malware site since the attack has hijacked at least a few thousand authorized sites with malware, which quietly diverted visitors onto a certain Chinese domain.

States a post made to the Google Online Security Blog on June 3, 2009 that the company arranged the rankings on the basis of the total number of hijacked websites that relate to about 4,000 distinct domain names that cyber-criminals used to distribute malicious software.

Says Engineer Niels Provos from the security team of Google that out of these 4,000 different domains, Google has found Gumblar.cn as the one infecting the highest number of websites, counting to 60,000 as of June 2, 2009. SCMagazine published this on June 4, 2009.

Also states senior security researcher Mary Landesman at ScanSafe that the total number of hijacked sites distributing the malicious Gumblar software has risen 188% within just seven days and that ScanSafe is spotting approximately 1,000 attacks that involve code-injection every 14 days. SCMagazine reported this.

Moreover, after Gumblar.cn, the No.2 malicious domain is Martuz.cn that about 35,000 websites use. Google says that among the total 4,000 domains, approximately 1,400 are entertained on the top-level .cn domain.

In addition, two sites among the Top Ten - goooogleadsence.biz and googleanalystics.net - are the erroneously spelled versions of the actual names.

State the security researchers that during the end week of May 2009, the large-scale hack attempts observed, had the googleanalystics.net domain name play a key function in manipulating more than 20,000 legit sites.

States Provos that it is neither new nor surprising to find domain names of frequently visited websites like Google being abused in this manner.

Moreover, Beladen.net has been the name involved in a bulk attack of code-injection during the 1st week of June 2009. Experts from Websense identified over 40,000 websites that attempted to divert end-users towards the Beladen exploit site.

Hence, Google suggests users to select web browsers like Chrome or Firefox that feature Google's Safe Browsing API as self-defense against online threats like phishing.

Related article: URL Condensing Service ‘Cligs’ Hacked, Diverting Web-traffic to Wrong Place

» SPAMfighter News - 08-06-2009

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page