Google rates Gumblar distribution URL as top malware site

The URL hosting the Gumblar attack, which has compromised thousands of legitimate websites with code that silently redirects users to a single Chinese domain, heads Google's list of Top 10 malware sites, according to the company.

Google sorted its rankings based on the number of compromised sites that reference some 4,000 different domains used by cybercriminals to ultimately distribute malware, according to a post on the Google Online Security Blog Wednesday.

Of those 4,000 domains, Gumblar.cn came out on top, with approximately 60,000 infected sites referencing it as of Tuesday, Niels Provos, an engineer on Google's security team, told SCMagazineUS.com in an email Thursday. That URL was followed by Martuz.cn, which has been referenced by about 35,000 sites. Google said that of the 4,000 domains, about 1,400 were hosted in the .cn top-level domain.

Meanwhile, at least two of the Top 10 sites -- googleanalystics.net and goooogleadsence.biz -- were slightly misspelled variations of the real thing, a practice known as typosquatting.

“It's neither surprising nor new to see names of popular sites like Google used in this way,” Provos said.

Mary Landesman, senior security researcher at ScanSafe, told SCMagazineUS.com on Monday that the number of compromised websites leading to Gumblar malware has increased 188 percent in a week and that her security firm is detecting some 1,000 unique code-injection attacks every two weeks.

Earlier this week, Beladen.net made news for being the final landing page in a mass injection attack. Researchers from Websense reported more than 40,000 websites tried to redirect users to the Beladen exploit page.

However, Beladen only made position 124 on Google's list, Google said in its blog post.