Web attack that "poisons" Google results is spreading
This is from Network World, with a link to US-CERT (U.S. Computer Emergency Readiness Team), so I am willing to treat it as legitimate, rather than a hoax. Since I don't understand all the details, I'm simply going to quote the Network World article.
Web attack that poisons Google results gets worse
The Gumblar attack has infected more than 3000 Web sites
By Robert McMillan , IDG News Service , 05/19/2009
A new attack that peppers Google search results with malicious links is spreading quickly, the U.S. Computer Emergency Readiness Team warned on Monday.
The attack, which has intensified in recent days, can be found on several thousand legitimate Web sites, according to security experts. It targets known flaws in Adobe's software and uses them to install a malicious program on victims' machines, CERT said.
The program then steals FTP login credentials from victims and uses that information to spread further. It also hijacks the victim's browser, replacing Google search results with links chosen by the attackers.
Security experts started tracking the attack in March, when it had infected several hundred Web sites, but in recent weeks the number of infected sites has jumped dramatically. The attack has been called Gumblar because at one point it used the Gumblar.cn domain, though on Monday it had switched to a different one.
Security vendor ScanSafe has counted more than 3,000 infected Web sites, up from around 800 just over a week ago.
Security experts say that if you're using a fully-patched system with up-to-date security software, you should be protected from these attacks. To date, they've worked by hitting the victim with malicious PDF or Flash files. [emphasis mine]