Sophos: JSRedir-R surpasses other Web-based malware

A new web-based attack, JSRedir-R, has blown all previous Web-based malware out of the water, and is currently being found six times more often than its nearest rival, said Sophos Tuesday.

During the last seven days, almost half of all malicious infections found on websites were caused by Troj/JSRedir-R. Mal/Iframe-F, which has been the most widespread web-based threat for more than a year, accounted for just seven percent of infections this week, according to Sophos in a statement. The vendor said there is one new infected webpage every 4.5 seconds - three times more than in 2007.

"No one should be in any doubt that the web is still the main vector of attack for cybercriminals, and this new threat suggests this situation isn't going to change anytime soon," said Graham Cluley, senior technology consultant at Sophos. "The problem is that too many computer users still think there's no danger in surfing the web, but with legitimate sites often falling victim to these attacks, it's time to wake up. Hackers won't stop targeting the web as it's proving a successful way for them to spread their infections. To combat this, it's essential to scan every website for malicious code before visiting it."

JSRedir-R, which has been found on high traffic legitimate websites, loads malicious content from third-party sites (including one called Gumblar.cn, inspiring some security vendors to dub the threat 'Gumblar') without users' knowledge, said Sophos, adding that the malware can then be used to steal sensitive information for financial gain, to commit identity theft or to meddle with search engine results.