Gumblar web attacks on the rise

A malware attack that uses Google's search results to redirect internet users to fraudulent websites is a rapidly growing threat, experts have warned.

The web attack, called Gumblar, has been described as a multi-stage series of compromises.

This means it uses a number of different strategies to gain control of personal computers, spread malware and steal personal information.

Gumblar works by using a technique known as a man-in-the-browser attack. When malicious code injects itself into a user's browser and then monitors requests from that browser, such as a search for a tennis website. It then redirects the requests to fraudulent websites.

Security firm ScanSafe said that this type of attack could give control of a victim’s computer to cybercriminals - leading to a myriad of security issues including personal data theft.

Sophos has also reported that Gumblar, known also as Troj/JSRedir-R, had taken the number one spot as the web's most common infection.

According to the security company, Gumblar is six times more prevalent than the next closest threat and accounts for around 42 per cent of all of Sophos' detections.

Google delisted the compromised websites last month after an investigation, but since then the authors of Gumblar have redoubled their efforts warned ScanSafe. It said that compromises from Gumblar were up 181 per cent from last week.

Mary Landesman, senior security researcher at ScanSafe, described Gumblar as complex and sophisticated.

"The cybercriminals responsible for Gumblar have learned to morph its features quickly," added Landesman. "This, coupled with Gumblar’s other dynamic characteristics, is allowing the compromise to disseminate more rapidly than others we’ve seen."

For more advice on detecting web-based scams, read our online security guides.