‘Gumblar’ virus could be bigger than Conficker worm

25.05.2009
A new virus is on the loose and within days has come to account for half the malware on the web. It is particularly vicious because it targets Google users.

The worm, also known as JSRedir-R, attacks computers through vulnerabilities in Adobe PDF reader and Flash player.

By last week, more than half of all malware found on websites was identified as Gumblar, with a new webpage infected every 4.5 seconds.

The worm redirects the user’s Google search results to sites that download more malware onto the machine or allow criminals to conduct phishing attacks to steal login details.

It has begun to spread on sites where passwords or software have been previously compromised and visitors are infected without realising it.

It is believed the malicious worm draws its code from a webpage based in China.

Once cybercriminals are in possession of a victim’s FTP credentials, any sites that the victim manages can also be targeted for compromise – a common malware propagation tactic, said IT security firm ScanSafe.

“Because of the complexity of the Gumblar compromises, detection via traditional methods, such as signature detection and blacklisting, is ineffective,” said Mary Landesman, senior security researcher at ScanSafe.

“Gumblar’s sophistication and incredible growth rate should serve as a wake-up call to the IT community. As cybercrime evolves in sophistication, so must our protection against it.”

Google immediately delisted the compromised websites upon discovering the breach. However, in early May, the attackers caught wind of this and began replacing the suspect IP address with another IP address, allowing the compromised sites to once again be listed by search engines. Both the injection and the redirection occur locally, on the compromised computer, and not on the search engine itself.

“The cybercriminals responsible for Gumblar have learned to morph its features quickly,” said Landesman. “This, coupled with Gumblar’s other dynamic characteristics, is allowing the compromise to disseminate more rapidly than others we’ve seen.”

Gumblar is the latest wave of serious website compromises that have plagued web surfers for the past two years. Overall, web malware increased 300pc throughout 2008, with another 19pc increase in the first quarter of 2009.

By John Kennedy
