On TechRepublic: 12 tech terms that make you sound old
BNET Business Network:
BNET
TechRepublic
ZDNet
69 TalkBacks

By Elinor Mills CNET News
Posted on ZDNet News: May 29, 2009 4:52:30 AM

The website compromise attack known as Gumblar has added new domain names that are downloading malware onto unsuspecting computers, stealing FTP credentials to compromise more sites, and tampering with web traffic, a security firm said on Thursday.

The Gumblar attack started in March with websites being compromised and attack code hidden on them. Originally, the malware downloaded onto computers accessing those sites came from the gumblar.cn domain, a Chinese domain associated with Russian and Latvian IP addresses that were delivering code from servers in the UK, ScanSafe said last week.

As website operators cleaned up their sites, the attackers replaced the original malicious code with dynamically generated and obfuscated JavaScript, making it difficult for security tools to identify. The scripts attempt to exploit vulnerabilities in Adobe's Acrobat Reader and Flash Player to deliver code that injects malicious search results when a user searches Google on Internet Explorer, as well as search the victim's system for FTP credentials that can be used to compromise additional websites.

The domain was changed to martuz.cn before both domains were shut down. And now, the malware is coming from sites including liteautotop.cn and autobestwestern.cn, among others, according to ScanSafe.

"Fortunately, it appears the name servers themselves are being shut down," the company said in a statement. "However, even after Gumblar-related attacks subside, cybercriminals will still possess the botnet of infected computers obtained via Gumblar."

ScanSafe contends that Gumblar is worse than Conficker, a worm that spreads via a hole in Windows through removable storage devices and network shares with weak passwords, as well as disabling security software and installing fake antivirus software.

Gumblar, which was responsible for 37 percent of all malware blocked by ScanSafe during the first two weeks in May, has more intrusive behavior — it intercepts and monitors web traffic, and installs a data-theft Trojan that steals user names and passwords from infected computers, ScanSafe said.

In addition, once a Conficker infection is remediated there is no further spread of the worm. However, Gumblar can use the FTP credentials it steals to compromise even more websites, potentially exposing many more victims, the company said.

This article was originally posted on CNET News.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 69 Talkback(s)
LOL - LOL - LOL, You Got Me!
That's great, Thanks! (Read the rest)
Posted by: joe.smetona@... Posted on: 06/11/09 You are currently: a Guest | | Terms of Use
And those with up to day AV need to fear this why?  wolf_z | 05/29/09
You don't even need A/V. Just apply the patch.  ye | 05/29/09
Someone will come up with...  Erroneous | 05/29/09
Application patches too...  JCitizen | 06/01/09
Cue the WIndows apologists  Chad_z | 05/29/09
rofl  jdbukis@... | 05/29/09
Chad, your reading comprehension needs work  wolf_z | 05/29/09
Secunia PSI free too...  JCitizen | 06/01/09
It's not a necessity for for FOSS users...  joe.smetona@... | 05/31/09
This should tell you something.  ye | 05/31/09
Ye, I believe you.  joe.smetona@... | 05/31/09
Good advice Joe...  JCitizen | 06/01/09
About Cable Systems and FOSS.  joe.smetona@... | 06/02/09
That's interesting(and thanks)...  JCitizen | 06/07/09
freetarded  mydasx | 06/01/09
I shouldn't respond but...  914four | 06/02/09
Let's be clear...  joe.smetona@... | 06/02/09
Gotta love em..  supercharlie | 05/31/09
does it matter why?  pfyearwood | 06/01/09
Re: Gotta Love em...  joe.smetona@... | 06/02/09
Yup...  StarSniper | 06/01/09
You know - this is stupid  library assistant | 06/01/09
Well said!  914four | 06/02/09
Nice to wish for.  joe.smetona@... | 06/03/09
And those with no AV need to fear this why?  kozmcrae | 05/29/09
RE: Gumblar attack worse than Conficker, experts warn  gertruded | 05/29/09
True  NonZealot | 05/29/09
NZ might have a point here.......  James Quinn | 05/29/09
take the point even deeper...  bcwise | 05/29/09
Why not use Mozilla then you don't have to switch.  osreinstall | 05/29/09
Not in my experience.  ye | 05/29/09
Same for me  barence773 | 05/30/09
at least they tried it.  pfyearwood | 06/01/09
I have yet to hear of one.  ye | 05/29/09
LMFO  gnesterenko | 05/29/09
"The views expressed here are mine  gertruded | 05/29/09
And for a computer that IS attached to the internet, it is great....  MGP2 | 05/29/09
Good for you, but...  nizuse | 05/29/09
Blacklight says I'm clean...  MGP2 | 05/29/09
Got another one  nizuse | 05/29/09
Gertruded is right.  nizuse | 05/29/09
Some Linux IS ready for the desktop  barence773 | 05/30/09
All operating systems are works in progress.  pfyearwood | 06/01/09
RE: Gumblar attack worse than Conficker, experts warn  shellcodes_coder | 05/29/09
Viruses are a Windows phenomenon...  joe.smetona@... | 05/29/09
If that is so then.....  Erroneous | 05/29/09
Ii think you will find that...  joe.smetona@... | 05/30/09
Yet another reason to move to W7  InAction Man | 05/29/09
security flaw has been patched  gertruded | 05/29/09
Name an OS...  Erroneous | 05/29/09
Would we really?  gnesterenko | 05/29/09
So, you admit Windows is constantly improving security  MGP2 | 05/29/09
Windows is constantly improving security  gertruded | 05/29/09
Being the expert you are what should they do?  ye | 05/29/09
I think what he tries to say...  nizuse | 05/29/09
Once again you show your....  Erroneous | 05/29/09
Apologies to InAction  Erroneous | 05/29/09
yes, ye said that above  InAction Man | 05/29/09
Whatever  VoiceOfLogic | 05/29/09
Of course Gumblar is worse than Conficker  ejhonda | 05/29/09
Alot of stupid posts  simonphoenix | 05/29/09
Whatever  VoiceOfLogic | 06/01/09
RE: Gumblar attack worse than Conficker, experts warn  theone@... | 06/01/09
Why isn't there an international investigation going on?  library assistant | 06/01/09
RE: Gumblar attack worse than Conficker, experts warn  jqheller | 06/03/09
RE: Gumblar attack worse than Conficker, experts warn  joe.smetona@... | 06/04/09
I found one!  homant@... | 06/08/09
Ha!..  JCitizen | 06/09/09
LOL - LOL - LOL, You Got Me!  joe.smetona@... | 06/11/09

What do you think?

Essential Topics Click Here

advertisement
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
advertisement

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here