
Thread: The Gumblar Virus

  1. #1
    Join Date
    Feb 2007
    Location
    South East England
    Posts
    2,906
    Mentioned
    2 Post(s)
    Quoted
    8 Post(s)

    Default The Gumblar Virus

    Quote Originally Posted by http://news.zdnet.com/2100-9595_22-306268.html
    The website compromise attack known as Gumblar has added new domain names that are downloading malware onto unsuspecting computers, stealing FTP credentials to compromise more sites, and tampering with web traffic, a security firm said on Thursday.

    The Gumblar attack started in March with websites being compromised and attack code hidden on them. Originally, the malware downloaded onto computers accessing those sites came from the gumblar.cn domain, a Chinese domain associated with Russian and Latvian IP addresses that were delivering code from servers in the UK, ScanSafe said last week.

    As website operators cleaned up their sites, the attackers replaced the original malicious code with dynamically generated and obfuscated JavaScript, making it difficult for security tools to identify. The scripts attempt to exploit vulnerabilities in Adobe's Acrobat Reader and Flash Player to deliver code that injects malicious search results when a user searches Google on Internet Explorer, as well as search the victim's system for FTP credentials that can be used to compromise additional websites.

    The domain was changed to martuz.cn before both domains were shut down. And now, the malware is coming from sites including liteautotop.cn and autobestwestern.cn, among others, according to ScanSafe.

    "Fortunately, it appears the name servers themselves are being shut down," the company said in a statement. "However, even after Gumblar-related attacks subside, cybercriminals will still possess the botnet of infected computers obtained via Gumblar."

    ScanSafe contends that Gumblar is worse than Conficker, a worm that spreads via a hole in Windows through removable storage devices and network shares with weak passwords, as well as disabling security software and installing fake antivirus software.

    Gumblar, which was responsible for 37 percent of all malware blocked by ScanSafe during the first two weeks in May, has more intrusive behavior — it intercepts and monitors web traffic, and installs a data-theft Trojan that steals user names and passwords from infected computers, ScanSafe said.

    In addition, once a Conficker infection is remediated there is no further spread of the worm. However, Gumblar can use the FTP credentials it steals to compromise even more websites, potentially exposing many more victims, the company said.
    Quote Originally Posted by http://en.wikipedia.org/wiki/Gumblar
    Gumblar is a computer virus that first appeared in 2009. It has been identified as one of the most malicious viruses in existence. It is characterized by redirecting users' Google searches and is suspected to come from Flash and PDF files.

    Infection

    Personal Computers

    Visitors to an infected site will be redirected to an alternative site containing further Malware, which was once gumblar.cn, but has now switched to a variety of domains. The site sends the visitor an infected PDF that is opened by the visitor's browser or Acrobat Reader. The PDF will then exploit a known vulnerability in Acrobat to gain access to the user's computer.

    The virus will find FTP clients such as FileZilla and Dreamweaver and download the clients' stored passwords. It also enabled promiscuous mode on the network card, allowing it to sniff local network traffic for FTP details. It is one of the first viruses to incorporate an automated network sniffer.

    Servers

    Using passwords obtained from site admins, the host site will access a website via FTP and infect the website. It will download large portions of the website and inject malicious code into the website's files before uploading the files back onto the server. The code is inserted into any file that contains a <body> tag, such as HTML, PHP, JavaScript, ASP and ASPx files. The inserted PHP code contains base64-encoded JavaScript that will infect computers that execute the code. In addition, some pages may have inline frames inserted into them. The virus will also modify .htaccess and HOSTS files, and create images.php files in directories named 'images'. The infection is not a server-wide exploit. It will only infect sites on the server that it has passwords to.
    tl;dr; Get Firefox and Ubuntu because Gumblar hits you on Microsoft software and Internet Explorer.
    Jus' Lurkin'
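
Added example (not part of the thread or the quoted articles): a Python check a site owner could run over a local copy of a web root for three of the server-side signs the quoted Wikipedia text lists, namely an images.php file inside an images directory, base64 literals that decode to script, and inserted inline frames. The 80-character threshold, the hidden-frame test, the function names and all sample content are assumptions constructed for illustration.

```python
import base64, binascii, re, tempfile
from pathlib import Path
WEB_EXTS = {".html", ".htm", ".php", ".js", ".asp", ".aspx"}  # file types named in the quote
# Assumed heuristic: a quoted base64 run of 80+ characters is rare in hand-written pages.
B64_LITERAL = re.compile(rb"""["']([A-Za-z0-9+/]{80,}={0,2})["']""")
# Assumed heuristic: an injected frame is sized or styled to be invisible.
HIDDEN_IFRAME = re.compile(rb"""<iframe\b[^>]*(?:(?:width|height)\s*=\s*["']?[01]\b|display\s*:\s*none)""", re.I)

def decodes_to_script(blob):
    """True if blob is valid base64 whose plaintext looks like JavaScript."""
    try:
        text = base64.b64decode(blob, validate=True).lower()
    except (binascii.Error, ValueError):
        return False
    return any(marker in text for marker in (b"<script", b"document.write", b"eval("))

def scan_webroot(root):
    """Return sorted (relative path, reason) pairs for files that need manual review."""
    findings = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if path.name == "images.php" and path.parent.name == "images":
            findings.append((rel, "images.php in an images directory"))
        if path.suffix.lower() not in WEB_EXTS:
            continue
        data = path.read_bytes()
        if any(decodes_to_script(m.group(1)) for m in B64_LITERAL.finditer(data)):
            findings.append((rel, "base64 literal decoding to script"))
        if HIDDEN_IFRAME.search(data):
            findings.append((rel, "hidden inline frame"))
    return sorted(findings)

def demo():  # scans a constructed tree; every file holds inert placeholder content
    blob = base64.b64encode(b"<script>/* constructed placeholder standing in for injected JavaScript */</script>")
    samples = {
        "index.html": b"<html><body><p>clean page</p></body></html>",
        "contact.php": b'<body><?php echo base64_decode("' + blob + b'"); ?></body>',
        "about.html": b'<body><iframe src="//placeholder.invalid/" width="1" height="1"></iframe></body>',
        "images/images.php": b"<?php /* constructed placeholder */ ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return scan_webroot(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Changes to .htaccess and HOSTS files are not covered here, because spotting them needs a known-good copy to compare against.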

  2. #2
    Join Date
    Dec 2007
    Posts
    2,766
    Mentioned
    2 Post(s)
    Quoted
    37 Post(s)

    Default

    Another one.... And of course, microsoft is the (only ?) one affected.

  3. #3
    Join Date
    Feb 2007
    Location
    South East England
    Posts
    2,906
    Mentioned
    2 Post(s)
    Quoted
    8 Post(s)

    Default

    Quote Originally Posted by Dr D. Dervish View Post
    Another one.... And of course, microsoft is the (only ?) one affected.
    I don't know specifically, but it seeks out flaws in Acrobat Reader and Adobe Flash Player, so it's an Adobe problem really, but most people using Adobe are on MS OS'.
    Jus' Lurkin'

  4. #4
    Join Date
    Dec 2007
    Posts
    2,766
    Mentioned
    2 Post(s)
    Quoted
    37 Post(s)

    Default

    HTML 5 in Firefox 3.5 > Adobe flash ^^.

  5. #5
    Join Date
    Nov 2006
    Location
    Wisconsin
    Posts
    1,629
    Mentioned
    0 Post(s)
    Quoted
    3 Post(s)

    Default

    Yawn.

    Linux yay.


    Quote Originally Posted by Rubix View Post
    Quote Originally Posted by Dan Cardin View Post
    you ought to listen to Mr. Klean...he's magical!
    this.

  6. #6
    Join Date
    Aug 2007
    Location
    in a random little world
    Posts
    5,778
    Mentioned
    0 Post(s)
    Quoted
    7 Post(s)

  7. #7
    Join Date
    Dec 2006
    Location
    Canada, BC
    Posts
    728
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    uh ohh.. i am unprotected :O
    Lance. Da. Pants.

  8. #8
    Join Date
    Nov 2008
    Location
    Norway, Alesund
    Posts
    924
    Mentioned
    0 Post(s)
    Quoted
    37 Post(s)

    Default

    Damn another one virus. :X one more thing because microsoft s*cks sometimes.

  9. #9
    Join Date
    Jul 2008
    Location
    Canada
    Posts
    1,612
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

  10. #10
    Join Date
    Feb 2009
    Posts
    2,155
    Mentioned
    4 Post(s)
    Quoted
    42 Post(s)

    Default

    is there any way to tell if u have it??

  11. #11
    Join Date
    Feb 2007
    Location
    South East England
    Posts
    2,906
    Mentioned
    2 Post(s)
    Quoted
    8 Post(s)

    Default

    Quote Originally Posted by J_Pizzle View Post
    is there any way to tell if u have it??
    Redirected search results on IE when you google. I don't know, that's one of the things. And also if you are a web developer it finds your FTP and attaches obbed JS code on your uploads to infect other people too.
    Jus' Lurkin'

  12. #12
    Join Date
    May 2008
    Location
    127.0.0.1
    Posts
    705
    Mentioned
    1 Post(s)
    Quoted
    6 Post(s)

    Default

    *sigh* i guess Harry was right -.-
    <Wizzup> And he's a Christian
    <Wizzup> So he MUST be trusted
    ___________________________________________
    <Wizzup> she sounds like a dumb bitch

  13. #13
    Join Date
    Oct 2007
    Location
    http://ushort.us/oqmd65
    Posts
    2,605
    Mentioned
    0 Post(s)
    Quoted
    1 Post(s)

    Default

    Microsoft creates the virus's duh. More monies in software to earn!
    I do visit every 2-6 months

  14. #14
    Join Date
    Apr 2007
    Posts
    3,152
    Mentioned
    3 Post(s)
    Quoted
    1 Post(s)

    Default

    Ahhh. I'm so scared! I might just cry.

    When I don't get the virus and no one else does, I'll be too lazy to come back here and say "false alarm" so I'll say it now. False alarm!
    SCAR Tutorials: The Form Tutorial | Types, Arrays, and Classes
    Programming Projects: NotePad | Tetris | Chess


  15. #15
    Join Date
    Jun 2006
    Posts
    3,861
    Mentioned
    3 Post(s)
    Quoted
    1 Post(s)

    Default

    Why are a lot of you cheering for Ubuntu? I see nothing that suggests that Windows is at fault.

    If you use IE, you deserve to get this.

  16. #16
    Join Date
    Feb 2008
    Posts
    517
    Mentioned
    0 Post(s)
    Quoted
    1 Post(s)

    Default

    It's obviously adobes fault.

  17. #17
    Join Date
    Nov 2008
    Posts
    202
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    What is Ubuntu?



    ~D-M

  18. #18
    Join Date
    Jun 2006
    Posts
    1,492
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Quote Originally Posted by Death-Magnetic View Post
    What is Ubuntu?



    ~D-M
    WHAT?!?!?!

    Lol, it's a "flavor" of the Linux operating system.

  19. #19
    Join Date
    Mar 2008
    Location
    The Netherlands
    Posts
    1,395
    Mentioned
    1 Post(s)
    Quoted
    1 Post(s)

    Default

    Still happy with NOD32, still happy with FireFox, still happy with XP..


  20. #20
    Join Date
    Feb 2007
    Location
    Het ademt zwaar en moedeloos vannacht.
    Posts
    7,211
    Mentioned
    26 Post(s)
    Quoted
    72 Post(s)

    Default

    Quote Originally Posted by Death-Magnetic View Post
    What is Ubuntu?



    ~D-M
    Ubuntu is a spectacular musical in the open-air with more than 200 participants out of Zeeland (province I live in) in the areas of dance, music, stage-play and acrobatics
    Ubuntu is the story of a young lady who's looking through entire Africa for her brother who disappeared 18 years ago.
    It was a so-called Africa Festival held in a neighbouring place called 'Goes' here (around 20km away from me). It was quite big and even made it to the frontpage of the PZC (the local newspaper) multiple times. There were 13.000 visitors.

    And it's the name of the most popular desktop Linux distro to date ^^
    I made a new script, check it out!.

  21. #21
    Join Date
    Mar 2008
    Location
    The Netherlands
    Posts
    1,395
    Mentioned
    1 Post(s)
    Quoted
    1 Post(s)

    Default

    Quote Originally Posted by Markus View Post
    Ubuntu is a spectacular musical in the open-air with more than 200 participants out of Zeeland (province I live in) in the areas of dance, music, stage-play and acrobatics
    Ubuntu is the story of a young lady who's looking through entire Africa for her brother who disappeared 18 years ago.
    It was a so-called Africa Festival held in a neighbouring place called 'Goes' here (around 20km away from me). It was quite big and even made it to the frontpage of the PZC (the local newspaper) multiple times. There were 13.000 visitors.

    And it's the name of the most popular desktop Linux distro to date ^^
    wtf


  22. #22
    Join Date
    Sep 2006
    Posts
    5,219
    Mentioned
    4 Post(s)
    Quoted
    1 Post(s)

  23. #23
    Join Date
    Feb 2007
    Location
    South East England
    Posts
    2,906
    Mentioned
    2 Post(s)
    Quoted
    8 Post(s)

    Default

    This isn't a Microsoft fault, it's just you're more protected if you are on Ubuntu. This is an Adobe error
    Jus' Lurkin'

  24. #24
    Join Date
    Apr 2007
    Location
    The Netherlands
    Posts
    5,553
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Remember, no OS is 'better', it is just that some OSes fit your use better.
    I could be good with Ubuntu if I used it a lot.
    I have never had viruses on Windows and if I get them I can just remove them.
    I am fine with Windows, tbh and I am highly annoyed by the dual boot because ubuntu is the default boot choice =/.
    ~Hermen

  25. #25
    Join Date
    Jun 2006
    Posts
    3,861
    Mentioned
    3 Post(s)
    Quoted
    1 Post(s)

    Default

    Quote Originally Posted by Hermen View Post
    I am fine with Windows, tbh and I am highly annoyed by the dual boot because ubuntu is the default boot choice =/.
    You can change that very easily. Just open up /boot/grub/menu.lst (as root), and find the boot list (it's pretty obvious when you see it). Move the Windows entry to the top.
