Topic: Malware Threats

The attackers behind a series of rapidly spreading website compromises have begun using a new domain to deliver their malicious code, security experts said on Monday.

The attacks, collectively referred to as 'Gumblar' by ScanSafe and 'Troj/JSRedir-R' by Sophos, grew 188 percent over the course of a week, ScanSafe said on Thursday. The Gumblar infections accounted for 42 percent of all infections found on websites last week, Sophos said on Thursday.

Over the weekend, the Chinese web domain used to deliver the malicious code — gumblar.cn — stopped responding, according to Unmask Parasites, a service used to detect malicious code embedded in web pages. The attacks' malicious payload has, however, continued to be delivered from a different source, the martuz.cn domain, Unmask Parasites said in an advisory published on Monday.

I usually have a pretty good idea of how widespread a particular piece of malware is by the number of incidents of infection that I come across. But when it comes to the Conficker worm (aka Downadup or Kido), I get the feeling that while there’s a lot of hype surrounding this latest bit of malware, actual infections are much lower than some would want you to believe. However, over the past few days the number of enquires I’m getting in relation to Conficker has skyrocketed
Some antivirus companies love to hype malware because it’s a great way to sell security products. While Conficker isn’t new (it’s been around since November last year), the April 1st trigger date gives security firms the opportunity to ratchet up the hype a couple of more notches (and help drive concerned users straight into the hands of cybercriminals). However, it’s important to note that it’s unclear right now as to what will happen come the trigger date. However, what is clear is that you will need to be infected to be at risk of anything happening at all.

- Computer-virus infections don't cause your machine to crash anymore.

Nowadays, the criminals behind the infections usually want your computer operating in top form so you don't know something's wrong. That way, they can log your keystrokes and steal any passwords or credit-card numbers you enter at Web sites, or they can link your infected computer with others to send out spam.

Here are some signs your computer is infected, tapped to serve as part of "botnet" armies run by criminals:

• You experience new, prolonged slowdowns. This can be a sign that a malicious program is running in the background.

• You continually get pop-up ads that you can't make go away. This is a sure sign you have "adware," and possibly more, on your machine.

• You're being directed to sites you didn't intend to visit, or your search results are coming back funky. This is another sign that hackers have gotten to your machine.