Gumblar JavaScript Exploit - Major New Threat to websites
Unfortunately, this new multi-stage JavaScript attack is spreading across vulnerable websites. Sophos notes that it accounted for almost half of all malware infections found on websites. Be careful when visiting websites and running Internet searches, and keep AV protection updated.
http://www.sophos.com/blogs/sophoslabs/v/post/4405
http://www.us-cert.gov/current/index.html#gumblar_malware_attack_circulating
http://news.cnet.com/8301-1009_3-10244529-83.html
http://www.theregister.co.uk/2009/05/19/gumblar_google_poisoning_update/
http://www.internetnews.com/security/article.php/3821151/Gumblar+Biggest+Threat+on+the+Web+Today.htm
QUOTE: US-CERT is aware of public reports of a malware exploit circulating. This is a drive-by-download exploit with multiple stages and is being referred to as Gumblar. The first stage of this exploit attempts to compromise legitimate websites by injecting malicious code into them. Reports indicate that these website infections occur primarily through stolen FTP credentials but may also be compromised through poor configuration settings, vulnerable web applications, etc.
Andrew Martin's Analysis - Excellent detailed writeup
http://www.martinsecurity.net/2009/05/20/inside-the-massive-gumblar-attacka-dentro-del-enorme-ataque-gumblar/
QUOTE: Responsible for 42% of “all malicious infections found on websites” (Sophos) during a 7 day period, Gumblar (JSRedir-R) has been extremely effective at propagating. Many bloggers have been focusing on the script involved in the attack, not so much on what happens when a client is compromised