Gumblar still a threat, say security experts
Written by Rebecca Mints   
Saturday, 13 June 2009 08:06

The vicious virus that spreads malicious code over the Internet remains a pervasive threat, according to security firm Websense in its latest blog post.

While updates on the rate of recorded attacks by Gumblar, also named JSRedir-R and Martuz, show a significant decline in the last week of May, this does not mean it has stopped its online mayhem.

Websense tracked the sites compromised in the attacks and monitored the trend leading to Gumblar's near inertness. According to Websense's researchers, the attacks peaked at 82,500 on May 26 and from there slowly declined.

“...the predecessor to the Gumblar attack is still alive, but it is on the decline. The older injection peaked at approx 17,000 sites on April 25, 2009. This peak was in the earlier days of the attack; it has since then stabilized at about 10,000,” according to the Websense blog posted last week.

Gumblar was first discovered two months ago when it launched a series of attacks across the Internet using an IP address that was later traced to Russia, although it uses domain names based in China.

Last May, security firm SophosLabs said that the malware accounted for 42% of all malicious infections found on websites in the weeks before its eventual decline this month.

Gumblar infects the system by enticing unwitting users to click on a malicious site and download a PDF file that contains the phrase “Boris likes horilka”. Afterwards it steals user rights, rolls out spam and fake antivirus software, disables security software and, lastly, hijacks queries searched over Google.

 
