Incident Response, Malware, TDR, Vulnerability Management

Google rates Gumblar distribution URL as top malware site

The URL hosting the Gumblar attack, which has compromised thousands of legitimate websites with code that silently redirects users to a single Chinese domain, heads its list of Top 10 malware sites, according to Google.

Google sorted its rankings based on the number of compromised sites that reference some 4,000 different domains used by cybercriminals to ultimately distribute malware, according to a post on the Google Online Security Blog Wednesday.

Of those 4,000 domains, came out on top, with approximately 60,000 infected sites referencing as of Tuesday, Niels Provos, an engineer on Google's security team, told in an email Thursday. That URL was followed by, which has been referenced by about 35,000 sites. Google said that of the 4,000 domains, about 1,400 were hosted in the .cn top-level domain.

Meanwhile, at least two of the Top 10 sites -- and -- were slightly misspelled variations of the real thing, a practice known as typosquatting.

“It's neither surprising nor new to see names of popular sites like Google used in this way,” Provos said.

Mary Landesman, senior security researcher at ScanSafe, told on Monday that the number of compromised websites leading to Gumblar malware has increased 188 percent in a week and that her  security firm is detecting some 1,000 unique code-injection attacks every two weeks.

Earlier this week, made news for being the final landing page in a mass injection attack. Researchers from Websense reported more than 40,000 websites tried to redirect users to the Beladen exploit page.

However, Beladen only made position 124 on Google's list, Google said in its blog post.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.