A new web-based attack, known as JSRedir-R, is beating all previous malware competition with an infection rate that sees it found six times more often than its nearest rival. That makes JSRedir-R responsible for 42 per cent of all malicious infections on the web…

During the last seven days, almost half of all malicious infections found on websites were caused by Troj/JSRedir-R.

Mal/Iframe-F, which has been the most widespread web-based threat for more than a year, accounted for just seven percent of infections this week.

JSRedir-R, which has even been found on high traffic legitimate websites, loads malicious content from third-party sites (including one called Gumblar, inspiring some security vendors to name the threat using that word) without users’ knowledge.

The malware can then be used to steal sensitive information for financial gain, to commit identity theft or to meddle with search engine results.

"No-one should be in any doubt that the web is still the main vector of attack for cybercriminals and this new threat suggests this situation isn’t going to change anytime soon," said Graham Cluley, senior technology consultant at Sophos

"To combat this, it’s essential to scan every website for malicious code before visiting it."

 

{mosimage}