Computer Business Review

Security experts warn on mutating Gumblar worm

by CBR Staff Writer| 26 May 2009

A next Conficker in the making

Security experts have flagged the rise of a fast-mutating worm which already is supposedly responsible for up to half of all malware carried on web sites and which could become a bigger threat than the Conflicker virus.

The Gumblar worm targets Google search engine users and attempts to redirect returned search results to malicious sites.

According to anti-virus software supplier Scansafe, the gumblar.cn mal-script appears to be dynamically generated and varies not only from site to site, but also from page to page on the same site.

People who have come across the worm report that compromised web sites risk having their subsequent Google search results replaced with links that point to malicious and fraudulent sites.

Sophos has claimed Gumblar is responsible for at least 40% of all malicious code found on websites, and is mutating as it spreads. The variations of the injected code have reportedly increased, which is an obvious step to evade detection from security solutions. 

Another security software vendor, Websense has said the destination page that Gumblar redirects people to serves up different versions of the malicious content. 

It reckons this could be because the malware authors may have a randomiser built into their server-side code to intentionally serve it randomly each and every time. 

The worm, which has be known as JSRedir-R in some circles, has been around for a while but the speed of its progress in the past week and more is a cause for concern. It is believed to have originated in China and attacks PCs through vulnerabilities in Adobe PDF reader and Flash player.


Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

756 people like this.
0 people follow this.

Intelligence

Suppliers Directory

  • SDL Tridion - Web Content Management Solutions

    SDL Tridion is a global leader in Web Content Management (WCM) solutions.

  • Qualys - IT security risk and compliance solutions

    Qualys is the leading provider of on demand IT security risk and compliance solutions - delivered as a service. Qualys solutions enable...

  • Neverfail Overview

    The Neverfail Group is dedicated to creating a world where business applications are continuously available. High Availability, Disaster Recovery...

  • Capscan

    Capscan is a leading supplier of international address management solutions and data integrity services. Capscan has more than 1800 customers...


See more
Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.