Gumblar Exploit is the Most Prevalent Web Threat

Malware analysts from security vendor Sophos warn that the number of pages infected with the Gumblar malcious script has recently sky-rocketed, putting the exploit at the top of the list of Web threats. The impact of the previous record setter Mal/Iframe-F now dwarfs in comparison.

According to Sophos, Troj/JSRedir-R, otherwise known as the Gumblar exploit, after the rogue domain it points to, amounts to a whopping 42% of all infections on the Web today. Mal/Iframe-F occupies the second place, its number of infections being six times lower and accounting for only 7%.

“Typically, JSRedir-R is found on legitimate websites, hidden behind obfuscated JavaScript, loading malicious content from third-party sites without the user’s knowledge. In the below case, the obfuscated script tries to download dangerous code from a site called gumblar.cn,” Graham Cluley, Sophos’ senior technology consultant, explains.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31333