Gumbler Virus Infects Google Search, Deadliest Yet

Dennis Faas's picture

A new malware worm that targets Google fans and uses Javascript to attack computers through vulnerabilities in Adobe PDF reader and Flash player is on the loose. According to SophosLabs, the virus known as JSRedir-R blows all other web-based malware out of the water.

JSRedir-R accounted for 42 per cent of all malicious infections found on websites in a one week period. The malware, also known as 'Gumblar,' infected a new page every 4.5 seconds. (Source:

Infected Redirected via Google Result Pages

Google users are redirected to other sites that download more malware onto the user's computer and can also allow criminals to steal password details. In addition, the malware sniffs FTP credentials (if found), which are then used to compromise any websites owned by the victim.

The malware infects user machines, causing the redirection to occur locally. Once a machine is infected, any site managed by the victim can be targeted. The worm is believed to draw its code from a China-based website.

Traditional Detection Methods Ineffective

According to Mary Landesman, senior security researcher at ScanSafe, detection through traditional methods such as signature detection and blacklisting are not effective due to the complexity of the Gumblar compromises. It appears to be more sophisticated than other malware. (Source:

Malware Increased 300% in 2008

According to, web malware increased 300 per cent throughout 2008, with another 19 per cent increase in the first quarter of 2009.

Web malware presents a very real threat; more information on what to look for and how to protect your website if it gets infected can be found from Sophos Labs.

Visit Bill's Links and More for more great tips, just like this one!

| Tags:
Rate this article: 
No votes yet