Today security experts announced that an unknown intricate malware wave is rapidly redirecting users’
Internet searches, resulting in more than 2,300 computer infections. It is identified as ‘Gumblar’ for one of the attack domains. According to analysts, the attack is propogating through site vulnerabilities while injecting malicious javascript code within components of the site. In other words, a simple user may become the victim of the javascript attack while visiting the corrupt pages.
Considering the fact that Gumblar was detected on well known sites like Tennis.com, Variety.com, and Coldwellbanker.com it is spreading at a speedy rate for its exclusive characteristics. This piece of malware will redirect the results of search pages to different sites which are only the forgeries of the Websites.
To illustrate this case, let’s take one example; if a user attempts to visit Tennis.com via Google, he or she will instead be directed to a fake site which looks the same as Tennis.com, and a backdoor Trojan will be downloaded. Then, because of the trojan the cybercriminals are able to control the victim’s computer and highlight flaws in security issues through personal data and FTP credential theft. What’s more, when cyber-offenders have a victim’s FTP credentials, any sites that the victim manages becomes subject to compromise.
Since Gumblar’s scripts have a tendency to change from site to site, the process of detection becomes complicated.
To recap, this malware is said to be the fastest growing parasite on the web. With the ability to collect all FTP licenses on corrupted systems Gumblar is able to infect any sites and is powerful enough to expand to new domains.
Resources:
Review on Gumblar
New malware attacks
Article on promplty increasing Gumblar