Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google results poisoned with malicious links


  • Please log in to reply
7 replies to this topic

#1 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:34 PM

Posted 20 May 2009 - 06:34 AM

A new attack that peppers Google search results with malicious links is spreading quickly, the US Computer Emergence Response Team has warned.

The attack, which has intensified in recent days, can be found on several thousand legitimate websites, according to security experts. It targets known flaws in Adobe's software and uses them to install a malicious program on victims' machine...

pcadvisor.co.uk
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

BC AdBot (Login to Remove)

 


#2 pskelley

pskelley

  • Staff Emeritus
  • 1,487 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 20 May 2009 - 06:46 AM

Thanks for the heads up :thumbsup: I wonder if it has anything to do with this?
http://news.cnet.com/8301-1009_3-10244529-...tml?tag=nl.e703
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#3 Stofzuiger

Stofzuiger

  • Members
  • 332 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The inside
  • Local time:04:34 AM

Posted 20 May 2009 - 07:03 AM

U mean the virus called "Gumblar" i think: http://www.us-cert.gov/current/index.html#...ack_circulating

As alot of times, being up to date keeps you clean :thumbsup:

Oh and not using IE seems to work to...

@pskelley i thought the same :flowers:


<edit=3times=Epic fail>

Edited by Stofzuiger, 20 May 2009 - 07:05 AM.

Every one goes fun fun fun


Who is this doin' this synthetic type of alpha beta psychedelic bleepin'? ~Chemical Brothers - Elektrobank


#4 scff249

scff249

    Indecisive Lurker


  • Members
  • 1,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:10:34 PM

Posted 20 May 2009 - 07:03 AM

Assuming the timestamp of when that article was posted, I want to say it's possible since they both refer to Gumblar. Of course, I'm not a security expert like you guys are, so I'm not as sure on this stuff.

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo


#5 quietman7

quietman7

    Bleepin' Janitor

  • Topic Starter

  • Global Moderator
  • 50,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:34 PM

Posted 20 May 2009 - 07:51 AM

The attack has been called Gumblar because at one point it used the Gumblar.cn domain, though on Monday it had switched to a different one.

Web attack that poisons Google results gets worse
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 higherEd

higherEd

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 20 May 2009 - 10:24 AM

website that i manage has been a victim of these attacks. any suggestions on how to proceed with preventing further attacks after file cleanup? we have hundreds of web users managing their own sites. some use CMS system, some still use FTP via frontpage/dreamweaver type products. hosted by windows server 2003 patched and firewalled to the best of our ability.

#7 buddy215

buddy215

  • BC Advisor
  • 12,912 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:34 PM

Posted 21 May 2009 - 11:55 AM

After reading this topic I let Secunia scan my programs for missing patches/updates. Sure enough, there is one recent
patch out for Adobe Reader released in the past week.

Secunia also gives a download link for the patch if needed after the scan.
The latest Adobe Reader release is now 9.1.1

http://secunia.com/vulnerability_scanning/online/

This type of "driveby" attack is another good reason to use Firefox Browser with the NoScript addon.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#8 koolkat

koolkat

  • Banned
  • 71 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:34 PM

Posted 22 May 2009 - 01:47 AM

:thumbsup: Just download McAfee SiteAdvisor here http://www.siteadvisor.com/download/windows.html

Now only visit sites that are green. :flowers:
------------------------------------------------------------------------------------------------------------------------
Spywareblaster: the Mods here told me about this great program that blocks most bad sites & bad cookies
before you can visit sites . :trumpet:

http://www.javacoolsoftware.com/products.html

----------------------------------------------------------------------------------------------------------------------
Also I created a Malicious Site list you should block with a firewall.

http://www.bleepingcomputer.com/forums/t/220968/malicious-ip-that-pushes-rogue-ware/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users