Gumblar, a malware targeting IE users
Scansafe, the largest global provider of Web Security-as-a-Service, reported that a stealthy malware called Gumblar targets users of Internet Explorer and forcibly redirects Google search page results to compromised pages. It also steals FTP details of victims and creates a backdoor on the system. It is named for the domain gumblar.cn involved in the attacks.
“The stolen FTP credentials are then used to further compromise any Websites owned or operated by the victim,” Mary Landesman, senior security researcher at ScanSafe, told eWEEK. “As a result, there is exponential growth of these compromises—as more victims are infected by encountering a compromised site, the number of compromised sites also increases and thus more visitors are exposed.”
Landesman told SCMagazineUS.com, “Gumblar attacks have jumped nearly 188 percent over the first week of May.” The report also says that more than 1,500 Websites including Tennis.com, Variety.com and Coldwellbanker.com have been attacked in the first week of May.
The goal of the malware is to siphon dollars from Google’s highly profitable advertising franchises, by replacing links in the Google’s search results page with those of the attacker’s choice.
A Google spokesman told SCMagazineUS.com that some compromised sites associated with this exploit may include a warning, saying “this site may harm your computer” associated with their search results listing.