Broadband News

Gumblar worm could be biggest threat to cybersecurity on the net

25 May 2009 | 14.00 Europe/London
A worm that's targeting Google users - the most mainstream online group of all - is becoming increasingly virulent and is now seen by some experts as the biggest Internet security threat out there. Gumblar, which is also known as JSRedir-R, is latching onto its victims through security flaws in some versions of Adobe's Flash Player and PDF reader software.

(Is it just me or are virus names sounding more and more like monsters from Japanese B-movies? Of course, the most scientific way of testing that theory is to insert virus names into Godzilla film titles. We end up with things like "The Terror of Gumblar" instead of The Terror of Godzilla, "Gumblar vs. King Google" instead of Godzilla vs. King Ghidorah and - you guessed it - "Gumblar vs. the Conficker Monster" instead of Godzilla vs. the Cosmic Monster. That's a categorical yes, then.)

Like Conficker, Gumblar is being distributed through drive-by downloads; it's spreading through Flash movies and PDF files that have been compromised and infiltrating computers without their owners having any chance of knowing about it. After attacking, it starts diverting everyone's favourite search engine so that its results point either to pages where more malware can be shovelled onto the unwitting victim's machine or to phishing websites, where account details for banks or social networking sites could be stolen.

While Gumblar itself isn't new, the scale on which it's spreading is something that's starting to worry net security experts. Anti-virus maker Sophos says Gumblar is currently behind 42 per cent of all cases of malicious code that it is finding on websites - and there are reports that it's infecting a new webpage once every four and a half seconds. Making matters worse, the writers of the virus have recently changed their tactics to make their code much harder to isolate.

“Because of the complexity of the Gumblar compromises, detection via traditional methods, such as signature detection and blacklisting, are ineffective,” says Mary Landesman, net security firm ScanSafe's senior researcher. “Gumblar’s sophistication and incredible growth rate should serve as a wake up call to the IT community. As cybercrime evolves in sophistication, so must our protection against it.” ScanSafe is recommending that website owners run a diagnostic check to find out if they've been compromised.

Google has previously tried to deal with the worm by de-listing the malicious websites it tries to force innocent surfers onto. The cybercriminals behind Gumblar responded by changing the IP addresses of those websites - a bit like having a re-spray job on a stolen car - so that they could be re-listed behind the Mountain View firm's back. Most recently, they've optimised their monster so that it sidesteps the security features of Google's browser, Chrome. Now it's up to King Google to fight back.

[ Guardian | Silicon Republic ]