'Gumblar' Hacked Sites Install Google-targeting Malware
A new round of Web sites hijacks is attempting to install malicious, Google-focused software on unpatched PCs, according to security company ScanSafe, further cementing the drive-by-download approach as a bad-guy tactic of choice.
The attack, dubbed "Gumblar" by ScanSafe, starts by hijacking legitimate sites and inserting attack code. The more than 1,500 hacked sites, including Tennis.com and Variety.com, don't represent an especially huge number, but it's growing rapidly. Since last week, the attack has grown by 80 percent, according to the company, and has spiked 188 percent since yesterday.
The inserted attack code attempts to identify old, unpatched vulnerabilities on a victim PC that browses a hacked site, and will take advantage of any discovered hole to install malware. These kinds of drive-by-download attacks are sneaky and dangerous, but the good news is that while the actual exploits used vary as time passes, the company says none have yet gone after zero-day holes that don't yet have a fix available.
The attack code has largely gone after PDF and Flash flaws discovered in the last year (such as APSA08-01 and APSB08-11), according to the company's spokesperson. Such attacks typically go after browser plugins installed by software and don't require opening or downloading anything, but these particular assaults can be largely neutered by making sure you have the latest versions of the Adobe software.
One of the explanatory blog posts from ScanSafe also describes using old MDAC exploits as well, so be sure you're up to date on Microsoft updates also. The PDF attack approach is more bad news for Adobe, whose programs have become a favorite target of late.
Successful attacks will attempt to install malware that manipulates Google search result pages when viewed by Internet Explorer. Victims may see fake results that will redirect them to fraudulent sites. To spread itself further, the malware will also attempt to steal FTP logins and hijack any Web sites controlled by an infected PC.
To guard against this attack and other drive-by-downloads, any automatic update feature for Windows and any installed software is your best friend. For those apps that might not include such a feature, I'm a fan of the Secunia PSI software. For more on Gumblar, see ScanSafe's Gumblar Q&A.
» posted by ITworld staff
PC World
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
