Threat to Google Search Results Worsens

The U.S. Computer Emergence Response Team warned of a new attack peppering Google search results with malicious links, spreading quickly. Security experts started tracking the attack in March, when it had infected several hundred Web sites, but in recent weeks the number of infected sites has jumped dramatically. The attack has been called Gumblar because at one point it used the Gumblar.cn domain, though on 18 May it had switched to a different one.

This attack, which has intensified in recent days, can be found on several thousand legitimate Web sites, according to security experts. It targets known flaws in Adobe's software and uses them to install a malicious program on a victim's machine. The program then steals FTP login credentials and uses this information to spread further, while it also hijacks the victim's browser, replacing Google search results with links chosen by the attackers.

With Gumblar, more and more sites are now being infected. Some believe it is because Gumblar's creators have been good at obfuscating their attack code and making it harder to spot on infected sites. And because they have been stealing FTP login credentials, they've been able to use a few tricks to get their software onto the sites; like changing folder permissions, and leaving behind multiple ways that they can get back into the server.

Security experts say that if you're using a fully-patched system with up-to-date security software, you should be protected from these attacks. To date, they've worked by hitting the victim with malicious PDF or Flash files.