US-CERT yesterday issued an alert that the worm is propagating, joining warnings from other Internet security watchers like Sophos' Graham Cluley, who last week blogged that his company's figures indicate that the malware is currently the Web's dominant threat.
Last Wednesday, Sophos researcher Onur Komili reported that Gumblar, also known as Troj/JSRedir-R, had roared to the No. 1 spot among the Web's most common infections -- noting that it's six times more prevalent than the next closest threat, at around 42 percent of all of Sophos' detections.
The Gumblar attack compromises Web sites through the use of stolen FTP credentials, which are one of the targets of the legendary Sinowal Trojan. The compromised sites then infect users by means of a drive-by download attack that exploits unpatched Adobe PDF and Flash Player vulnerabilities.
The malware "also steals FTP credentials (if found) from the victims' computers," Mary Landesman, a senior security researcher at ScanSafe, reported last week. "These stolen FTP credentials are then used to further compromise any websites owned or operated by the victim."
"As a result, there is exponential growth of these compromises -- as more victims are infected by encountering a compromised site, the number of compromised sites also increases and thus more visitors are exposed," Landesman wrote.
Despite its rapid spread, fighting back against the malware could be relatively straightforward.