Gumblar!!!

June 1, 2009

‘Gumblar’ virus could be bigger than Conficker worm. A new malware virus is on the loose and within days has become accountable for half the malware on the web. It is particularly vicious because it targets Google users in particular. The worm, also known as JSRedir-R, attacks computers through vulnerabilities in Adobe PDF reader and Flash player. By last week, more than half of all malware found on websites was identified as Gumblar, with a new webpage infected every 4.5 seconds. The worm redirects the user’s Google search results to sites that download more malware onto the machine or allow criminals to conduct phishing attacks to steal login details. It has begun to spread on sites where passwords or software have been previously compromised and visitors are infected without realizing it. It is believed the malicious worm draws its code from a webpage based in China. Once cybercriminals are in possession of a victim’s FTP credentials, any sites that the victim manages can also be targeted for compromise — a common malware propagation tactic, said IT security firm ScanSafe.