Security experts have flagged the rise of a fast-mutating worm which already is supposedly responsible for up to half of all malware carried on web sites and which could become a bigger threat than the Conflicker virus.
The Gumblar worm targets Google search engine users and attempts to redirect returned search results to malicious sites.
According to anti-virus software supplier Scansafe, the gumblar.cn mal-script appears to be dynamically generated and varies not only from site to site, but also from page to page on the same site.
People who have come across the worm report that compromised web sites risk having their subsequent Google search results replaced with links that point to malicious and fraudulent sites.
Sophos has claimed Gumblar is responsible for at least 40% of all malicious code found on websites, and is mutating as it spreads. The variations of the injected code have reportedly increased, which is an obvious step to evade detection from security solutions.
Another security software vendor, Websense has said the destination page that Gumblar redirects people to serves up different versions of the malicious content.
It reckons this could be because the malware authors may have a randomiser built into their server-side code to intentionally serve it randomly each and every time.
The worm, which has be known as JSRedir-R in some circles, has been around for a while but the speed of its progress in the past week and more is a cause for concern. It is believed to have originated in China and attacks PCs through vulnerabilities in Adobe PDF reader and Flash player.
Webroot provides industry leading security solutions for consumers, enterprises and small and medium businesses worldwide.
The Neverfail Group is dedicated to creating a world where business applications are continuously available. High Availability, Disaster Recovery...
Absolute® Software specialises in technology and services for the management and security of mobile computers and smartphones.
Qualys is the leading provider of on demand IT security risk and compliance solutions - delivered as a service. Qualys solutions enable...