Slashdot Mirror


Drive-By Download Poisons Google Search Results

snydeq writes "A new attack that peppers Google search results with malicious links is spreading quickly, CERT has warned. The attack, which can be found on several thousand legitimate Web sites, exploits flaws in Adobe software to install malware that steals FTP login credentials and hijacks the victim's browser, replacing Google search results with links chosen by the attackers. Known as Gumblar because at one point it used the Gumblar.cn domain, the attack is spreading quickly in part because its creators have been good at obfuscating their attack code and because they are using FTP login credentials to change folder permissions, leaving multiple ways they can get back into the server."

3 of 136 comments

  1. The Importance of Being Forgotten by eldavojohn · Score: 5, Insightful

    ... that steals FTP login credentials ...

    About five years ago, I had installed some Firefox FTP plugin (FireFTP?) and was enjoying the simplicity of having my browser be used for multiple kinds of traffic when transferring files.

    Well, we all know how bulletproof secure Firefox is, right? Not very. So I thought about it more and more I got really nervous about using something like this. I thought of the importance of all the things I had connected to--whether it be my friend's FTP server to drop off some pictures of our last vacation or one of several web hosts I had been working on. So in the end, I removed it from my machine as I wasn't sure how it was storing sessions and passwords. I also deleted the passwords from saved sessions in WinSCP on my Windows machines. Nowadays I just use the 'ftp' command in the shell no matter what operating system I'm using. Yeah, it's annoying to change directories both locally and remotely by hand (without even tab-complete!) but you know it sure beats being that guy that lost all his shit (and maybe some other people's) to something like this.

    The integration of FTP clients into browsers and I think I've seen plugins in integrated development environments to remotely connect and upload your changes. While this may seem like a streamlined and faster path to development, acknowledge the risks you take when that's a server hosting data to users.

    --
    My work here is dung.
    1. Re:The Importance of Being Forgotten by Aladrin · Score: 5, Insightful

      It's a pretty rare thing in the computer world to gain convenience without sacrificing security.

      In fact... Drop 'computer' out of that sentence and it's still true.

      It's all about a balancing act. You have to take risks to be efficient... It's just part of life.

      --
      "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
    2. Re:The Importance of Being Forgotten by Abcd1234 · Score: 4, Insightful

      Well, we all know how bulletproof secure Firefox is, right?

      More to the point, we all know how secure FTP is, right?

      Jebus, if you're that paranoid, why, dear god, weren't you using SFTP?