Gtron Solutions, LLC

A malware that is spreading fast across the globe has been labeled by security firms as the biggest threat to Internet security this quarter.

The security firm SophosLabs said that based on its research, the malware JSRedir-R now accounts for 42% of all malicious infection found on website within the past week.

“Research done by experts in SophosLabs has revealed that a new web-based threat has blown all previous web-based malware out of the water, being found six times more often than its nearest rival – Mal/Iframe,” said Graham Cluley in his security blog.

The United States Computer Emergency Readiness Team (US-CERT) also warned that that the series of attacks using the malware—also known as Grumblar and Martuz—has compromised Web sites and spreads malware as soon as infection sets in.

The malware’s behavior has been described as “multi-staged attack”.

“The first is placed on Web sites compromised through, what security analysts believe, are stolen FTP credentials, and the second redirects victims who visit the compromised site to a different malicious Web site that infects their computers,” according to SecurityFocus.

US CERT says that when a user’s system becomes infected, JSRedir-R then steals FTP credentials and direct users to Google search to lead them to potentially malicious sites.

“It is also capable of installing a fake security software,” warned US CERT.

The malware was first detected last March and had been traced to its IP address in Russia although it uses domain names based in China.