sj1183
06-01-2009, 05:44 PM
A new malware worm that targets Google fans and uses Javascript to attack computers through vulnerabilities in Adobe PDF reader and Flash player is on the loose. According to SophosLabs, the virus known as JSRedir-R blows all other web-based malware out of the water.
JSRedir-R accounted for 42 per cent of all malicious infections found on websites in a one week period. The malware, also known as 'Gumblar,' infected a new page every 4.5 seconds. (Source: sophos.com)
Infected Redirected via Google Result Pages
Google users are redirected to other sites that download more malware onto the user's computer and can also allow criminals to steal password details. In addition, the malware sniffs FTP credentials (if found), which are then used to compromise any websites owned by the victim.
The malware infects user machines, causing the redirection to occur locally. Once a machine is infected, any site managed by the victim can be targeted. The worm is believed to draw its code from a China-based website.
Traditional Detection Methods Ineffective
According to Mary Landesman, senior security researcher at ScanSafe, detection through traditional methods such as signature detection and blacklisting are not effective due to the complexity of the Gumblar compromises. It appears to be more sophisticated than other malware
JSRedir-R accounted for 42 per cent of all malicious infections found on websites in a one week period. The malware, also known as 'Gumblar,' infected a new page every 4.5 seconds. (Source: sophos.com)
Infected Redirected via Google Result Pages
Google users are redirected to other sites that download more malware onto the user's computer and can also allow criminals to steal password details. In addition, the malware sniffs FTP credentials (if found), which are then used to compromise any websites owned by the victim.
The malware infects user machines, causing the redirection to occur locally. Once a machine is infected, any site managed by the victim can be targeted. The worm is believed to draw its code from a China-based website.
Traditional Detection Methods Ineffective
According to Mary Landesman, senior security researcher at ScanSafe, detection through traditional methods such as signature detection and blacklisting are not effective due to the complexity of the Gumblar compromises. It appears to be more sophisticated than other malware