The URL hosting the Gumblar
attack, which has compromised thousands of legitimate websites with code that silently redirects users to a single Chinese domain, heads its list of Top 10 malware sites
, according to Google.
Google sorted its rankings based on the number of compromised sites that reference some 4,000 different domains used by cybercriminals to ultimately distribute malware, according to a post on the Google Online Security Blog Wednesday.
Of those 4,000 domains, Gumblar.cn came out on top, with approximately 60,000 infected sites referencing as of Tuesday, Niels Provos, an engineer on Google's security team, told SCMagazineUS.com in an email Thursday. That URL was followed by Martuz.cn, which has been referenced by about 35,000 sites. Google said that of the 4,000 domains, about 1,400 were hosted in the .cn top-level domain.
Meanwhile, at least two of the Top 10 sites -- googleanalystics.net and goooogleadsence.biz -- were slightly misspelled variations of the real thing, a practice known as typosquatting
“It's neither surprising nor new to see names of popular sites like Google used in this way,” Provos said.
Mary Landesman, senior security researcher at ScanSafe, told SCMagazineUS.com on Monday that the number of compromised websites leading to Gumblar malware has increased 188 percent in a week and that her security firm is detecting some 1,000 unique code-injection attacks every two weeks.
Earlier this week, Beladen.net made news
for being the final landing page in a mass injection attack. Researchers from Websense reported more than 40,000 websites tried to redirect users to the Beladen exploit page.
However, Beladen only made position 124 on Google's list, Google said in its blog post.