Infection targeting FTP login details
News that a compromise targeting FTP details stored on computers has been published on The Register with further details found on ScanSafe’s blog.
Named ‘Gumblar’, computers that are infected have their Google search results replaced with links that point to malicious or fraudulent websites. The malware also goes through the computer’s local files looking for FTP details to infect those sites and spread itself further by infecting visitors to those seemingly safe sites, and the cycle continues. ScanSafe is reporting that the number of compromised domains has risen 188% since last week.
Although the target is primarily Google search results, the infection and problem lies with the local machine (your PC) and not Google, as such we would recommend you update your anti-virus software to the latest version and run a virus scan on your computer.
You can read about this in more detail on ScanSafe’s blog here:
http://blog.scansafe.com/journal/2009/5/8/google-serps-redirections-turn-to-bots.html
http://blog.scansafe.com/journal/2009/5/14/gumblar-qa.html
Related posts: