Google rates Gumblar distribution URL as top malware site

By

The URL hosting the Gumblar attack, which has compromised thousands of legitimate websites with code that silently redirects users to a single Chinese domain, heads Google's list of Top 10 malware sites.

Google sorted its rankings based on the number of compromised sites that reference some 4,000 different domains used by cybercriminals to ultimately distribute malware, according to a post on the Google Online Security Blog.

Of those 4,000 domains, Gumblar.cn came out on top, with approximately 60,000 infected sites referencing as of Tuesday, Niels Provos, an engineer on Google's security team, told SCMagazineUS.com in an email. That URL was followed by Martuz.cn, which has been referenced by about 35,000 sites. Google said that of the 4,000 domains, about 1,400 were hosted in the .cn top-level domain.

Meanwhile, at least two of the Top 10 sites -- googleanalystics.net and goooogleadsence.biz -- were slightly misspelled variations of the real thing, a practice known as typosquatting.

“It's neither surprising nor new to see names of popular sites like Google used in this way,” Provos said.

Mary Landesman, senior security researcher at ScanSafe, told SCMagazineUS.com that the number of compromised websites leading to Gumblar malware has increased 188 percent in a week and that her  security firm is detecting some 1,000 unique code-injection attacks every two weeks.

Earlier this week, Beladen.net made news for being the final landing page in a mass injection attack. Researchers from Websense reported more than 40,000 websites tried to redirect users to the Beladen exploit page.

However, Beladen only made position 124 on Google's list.

See original article on scmagazineus.com


Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Eagers Automotive finds unauthorised access to parts of IT systems

Eagers Automotive finds unauthorised access to parts of IT systems

Hackers hit Victoria's court recording database

Hackers hit Victoria's court recording database

St Vincent's Health Australia warns cyber attack forensics could "take some time"

St Vincent's Health Australia warns cyber attack forensics could "take some time"

Yakult Australia confirms cyber incident

Yakult Australia confirms cyber incident

Log In

  |  Forgot your password?