The huge network of web pages compromised by the Gumblar botnet is now being used to spread malware, according to researchers.
Security firm ScanSafe reported that a number of pages connected to the Gumblar attacks in May had been serving malware to visitors.
The company noted that the attacks were unique in that, rather than infecting the pages to link to a single attack site, each of the compromised servers is hosting the malware on its own.
In addition to the compromised pages, the botnets operators have inserted a script that redirects users to a number of web forums.
"The majority of the compromised sites are small 'mom and pop' style sites in non-English speaking countries, but that's not important because the attackers have a clever trick for driving traffic directly to the malware hosted on those sites," said ScanSafe senior security researcher Mary Landesman in a blog posting.
First appearing in May, the Gumblar attack gained notoriety in the security world for the speed at which the malware spread. The attack not only compromised the target system, but checked for FTP credentials which were then used to target other pages.
See also:
Websense warns of highly targeted assault 16 Oct 2009
MessageLabs warns malware is likely to go undetected 14 Oct 2009
Company hopes acquisition will bolster web-based security line 14 Oct 2009
Emergence of new networks helps boost malware infections 30 Sep 2009All Hacking Tags: Gumblar, Scansafe, Botnet, Threats, Malware, Security
del.icio.us
Digg this
reddit!
