Gumblar Virus Infects Five Company Websites

The scary worm 'Gumblar' might have infected over 70,000 PCs that accessed the websites of five corporations; one of them was Honda Motor Corp. The malware reportedly changed the websites since December 2009.

Hackers, who used this worm, also changed the websites of Radio Kansai based in Kobe, Shin-etsu Broadcasting Co. based in Nagano, Morozoff Ltd., the Kobe confectionary, and East Japan Railway (JR) Co.

After infecting a computer, the Gumblar virus displays fake results on Google search engine surfed via Internet Explorer as well as defaces the websites. Consequently, misleading web-links are generated that direct surfers to another site. This site was earlier existed as gumblar.cn in China.

This is made possible as the virus inserts malicious code, which ultimately allows hackers to hijack passwords along with other sensitive details regarding File Transfer Protocol with which websites are managed.

The officials at Honda stated that the worm defaced the auto manufacturer's website for Stream minivans during December 18-21, 2009. During those days, approximately 5,000 people visited the site.

In addition, the virus repeatedly attacked JR East website during December 8-22, 2009. At that time, hackers wrote a program into the site. While the restoration of the program was being done on December 23, 2009, approximately 50,000 users had visited the site.

During December 26-28, 2009, hackers using the Gumblar virus also defaced the Shin-etsu Broadcasting website that resulted in approximately 5,400 computers infection. Similarly, the website of Radio Kansai was affected during December 15-16, 2009 when 6,000 visitors accessed it.

Furthermore, the Morozoff website was infected on January 4-5, 2009. Officials at the company stated that they were yet determining if the issue was due to the same malware. However, they substantiated that atleast 3,860 users visited the site during that period.

According to reports, authorities at the Information-Technology Promotion Agency, a government-affiliated entity, are asking website-administrators to check if their sites are infected and to clean them off Gumblar. Furthermore, the Agency has also alerted Internet surfers about the virus.

Security specialists cautioned computer-users to make sure that their software programs were all up-to-date.

Related article: Gumblar Attack Diverting Online Users from Google Results to Malicious Pages

» SPAMfighter News - 1/18/2010