May 19th, 2009


Web attack that "poisons" Google results is spreading

This is from Network World, with a link to US-CERT (U.S. Computer Emergency Readiness Team), so I am willing to treat it as legitimate, rather than a hoax. Since I don't understand all the details, I'm simply going to quote the Network World article.

Web attack that poisons Google results gets worse

The Gumblar attack has infected more than 3000 Web sites

By Robert McMillan, IDG News Service, 05/19/2009

A new attack that peppers Google search results with malicious links is spreading quickly, the U.S. Computer Emergency Readiness Team warned on Monday.

The attack, which has intensified in recent days, can be found on several thousand legitimate Web sites, according to security experts. It targets known flaws in Adobe's software and uses them to install a malicious program on victims' machines, CERT said.


The program then steals FTP login credentials from victims and uses that information to spread further. It also hijacks the victim's browser, replacing Google search results with links chosen by the attackers.

Security experts started tracking the attack in March, when it had infected several hundred Web sites, but in recent weeks the number of infected sites has jumped dramatically. The attack has been called Gumblar because at one point it used the domain, though on Monday it had switched to a different one.

Security vendor ScanSafe has counted more than 3,000 infected Web sites, up from around 800 just over a week ago.


Security experts say that if you're using a fully-patched system with up-to-date security software, you should be protected from these attacks. To date, they've worked by hitting the victim with malicious PDF or Flash files. [emphasis mine]