Gumblar hitting Googlers hard
Recently Google has hit the headlines with concerns over privacy courtesy of Street View mapping, plus allegations of trademark infringements with the Android open source mobile phone OS. The latest headlines, though, look like returning to the heart of Google: the search engine.
Google SERPs malware manipulation has hit new heights with the discovery that a series of website compromises known collectively as Gumblar has now infected more than 1,500 sites. Gumblar is growing at an alarming rate, by some 80 percent in the last week alone, which pretty much eclipses the growth rate of any previously known Google SERPs manipulation scheme within the same kind of time frame.
Gumblar can grow so rapidly because of a number of rather unique characteristics which, when combined, make traditional detection methodologies ineffective to say the least. Essentially, whenever you visit a Gumblar-compromised site you are at risk. That risk might be from being susceptible to seeing fake search engine results when you go on to use the Google search engine afterwards, which will then forcibly redirect you to an 'imposter site' which in turn could scrape your personal data, including credit card details and the like, leading to identity theft and other fraudulent activity. One such activity is the theft of FTP credentials, which can lead to any site that you manage also falling victim to the Gumblar compromise in turn. Of course, it should be pointed out that the injection and redirection both occur locally rather than on Google search servers.
"Because of the complexity of the Gumblar compromises, detection via traditional methods, like signature detection and blacklisting, are ineffective," Mary Landesman, senior security researcher at ScanSafe, which uncovered the growing problem, told us, continuing: "Gumblar’s sophistication and incredible growth rate should serve as a wake up call to the IT community."
Google woke up as quickly as it could, and immediately delisted all compromised sites upon discovery of this breach. Of course, cyber-criminals are pretty clever these days and responded just as quickly by replacing the suspect IP address with another IP address and so enabling compromised sites to be relisted once more.
"The cyber criminals responsible for Gumblar have learned to morph its features quickly," Landesman admits, adding: "this, coupled with Gumblar’s other dynamic characteristics, is allowing the compromise to disseminate more rapidly than others we’ve seen."
The cybercriminals are really smart. To avoid detection by Google, the cybercriminals have started modifying the robots.txt file to block the Googlebot from indexing the pages they've infected with malscripts.
We've been seeing this a lot in the past 2 days. It seems that most website owners don't know their sites have been tampered with until Google notifies them. So the cybercriminals think they can get a few more days on these sites before their malscripts are detected and someone notifies the website owner.
Pretty smart...
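A defender-side check for the robots.txt tampering described in the comment above, as an added example that is not part of the original article or thread: it compares a known-good robots.txt against the live one and reports paths that have become closed to Googlebot. The file contents, path list, control agent name and function names are constructed for illustration.

```python
from urllib.robotparser import RobotFileParser

# Constructed sample: the robots.txt the site owner originally published.
BASELINE = """\
User-agent: *
Disallow: /admin/
"""

# Constructed sample: the same file after a crawler-specific block was added.
TAMPERED = """\
User-agent: Googlebot
Disallow: /

User-agent: *
Disallow: /admin/
"""

# Constructed list of pages the owner expects search engines to index.
PATHS = ["/", "/index.html", "/blog/post.html", "/admin/login"]


def _parse(robots_txt):
    """Parse robots.txt text offline (no network fetch)."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    return rp


def newly_blocked(baseline, current, paths, agent="Googlebot"):
    """Paths the agent could crawl under the baseline but not under the current file."""
    old, new = _parse(baseline), _parse(current)
    return [p for p in paths
            if old.can_fetch(agent, p) and not new.can_fetch(agent, p)]


def singled_out(current, paths, agent="Googlebot", control="ExampleControlBot"):
    """Paths closed to the search crawler but still open to an unrelated agent.

    A rule that blocks only the crawler is the pattern worth alerting on;
    the control agent name is a placeholder for any agent with no rule of its own.
    """
    rp = _parse(current)
    return [p for p in paths
            if not rp.can_fetch(agent, p) and rp.can_fetch(control, p)]


if __name__ == "__main__":
    print("newly blocked for Googlebot:", newly_blocked(BASELINE, TAMPERED, PATHS))
    print("blocked for Googlebot only: ", singled_out(TAMPERED, PATHS))
```

Run on a schedule against a stored copy of the file, a non-empty result from either function is a prompt to inspect the site for injected scripts before waiting on a search engine notification.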




