Google results poisoned with malicious links

#1 quietman7

Bleepin' Janitor

Group: Global Moderator
Posts: 25,109
Joined: 09-July 05
Location:Virginia, USA

Posted 20 May 2009 - 06:34 AM

Quote

A new attack that peppers Google search results with malicious links is spreading quickly, the US Computer Emergence Response Team has warned.

The attack, which has intensified in recent days, can be found on several thousand legitimate websites, according to security experts. It targets known flaws in Adobe's software and uses them to install a malicious program on victims' machine...

pcadvisor.co.uk

Microsoft MVP - Consumer Security 2007-2012

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#2 pskelley

Forum Addict

Group: Staff Emeritus
Posts: 1,487
Joined: 07-June 04

Posted 20 May 2009 - 06:46 AM

Thanks for the heads up :thumbsup:

I wonder if it has anything to do with this?
http://news.cnet.com/8301-1009_3-10244529-...tml?tag=nl.e703

MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#3 Stofzuiger

Forum Regular

Group: Members
Posts: 332
Joined: 06-March 09
Gender:Male
Location:The inside

Posted 20 May 2009 - 07:03 AM

U mean the virus called "Gumblar" i think: http://www.us-cert.gov/current/index.html#...ack_circulating

As alot of times, being up to date keeps you clean :thumbsup:

Oh and not using IE seems to work to...

@pskelley i thought the same :flowers:

<edit=3times=Epic fail>

This post has been edited by Stofzuiger: 20 May 2009 - 07:05 AM

Every one goes fun fun fun
Who is this doin' this synthetic type of alpha beta psychedelic bleepin'? ~Chemical Brothers - Elektrobank

#4 scff249

Indecisive Lurker

Group: Members
Posts: 1,319
Joined: 14-February 08
Gender:Male
Location:A galaxy far, far away...

Posted 20 May 2009 - 07:03 AM

Assuming the timestamp of when that article was posted, I want to say it's possible since they both refer to Gumblar. Of course, I'm not a security expert like you guys are, so I'm not as sure on this stuff.

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo

#5 quietman7

Bleepin' Janitor

Group: Global Moderator
Posts: 25,109
Joined: 09-July 05
Location:Virginia, USA

Posted 20 May 2009 - 07:51 AM

Quote

The attack has been called Gumblar because at one point it used the Gumblar.cn domain, though on Monday it had switched to a different one.

Web attack that poisons Google results gets worse

Microsoft MVP - Consumer Security 2007-2012

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 higherEd

New Member

Group: Members
Posts: 1
Joined: 20-May 09

Posted 20 May 2009 - 10:24 AM

website that i manage has been a victim of these attacks. any suggestions on how to proceed with preventing further attacks after file cleanup? we have hundreds of web users managing their own sites. some use CMS system, some still use FTP via frontpage/dreamweaver type products. hosted by windows server 2003 patched and firewalled to the best of our ability.

#7 buddy215

Forum Addict

Group: BC Advisor
Posts: 4,490
Joined: 14-April 06
Gender:Male
Location:West Tennessee

Posted 21 May 2009 - 11:55 AM

After reading this topic I let Secunia scan my programs for missing patches/updates. Sure enough, there is one recent
patch out for Adobe Reader released in the past week.

Secunia also gives a download link for the patch if needed after the scan.
The latest Adobe Reader release is now 9.1.1

http://secunia.com/vulnerability_scanning/online/

This type of "driveby" attack is another good reason to use Firefox Browser with the NoScript addon.

#8 koolkat

Member

Group: Banned
Posts: 71
Joined: 12-April 09
Gender:Male

Posted 22 May 2009 - 01:47 AM

Just download McAfee SiteAdvisor here http://www.siteadvisor.com/download/windows.html

Now only visit sites that are green. :flowers:

------------------------------------------------------------------------------------------------------------------------
Spywareblaster: the Mods here told me about this great program that blocks most bad sites & bad cookies
before you can visit sites . :trumpet:

http://www.javacoolsoftware.com/products.html

----------------------------------------------------------------------------------------------------------------------
Also I created a Malicious Site list you should block with a firewall.

http://www.bleepingcomputer.com/forums/topic220968.html