resource center
  See your link here
|
IDG News Service - ScanSafe researchers are seeing renewed activity regarding Gumblar, a multifunctional piece of malware that spreads by attacking PCs visiting hacked Web pages.
Gumblar can steal FTP credentials as well as hijack Google searches, replacing results on infected computers with links to other malicious sites.
When the Gumblar malware was found in March, it looked for instructions on a server at gumblar.cn. That domain was taken offline at the time, but has been reactivated within the last 24 hours, wrote Mary Landesman, a senior security researcher with ScanSafe, on a company blog.
Web sites that are infected with Gumblar contain an iframe, which is a way to bring content from one Web site into another. Malware writers usually make those iframes invisible. When a victim visits the site, the iframe will launch a series of exploits hosted on a remote computer to try and hack the visiting machine.
Gumblar checks to see if the victim's PC is running unpatched versions of Adobe Systems' Reader and Acrobat programs. If so, the machine will be compromised by a so-called drive-by download.
Usually, domain name registrars suspend domain names that have been used for malicious purposes, and malware writers frequently change the domains their software looks to for instructions as those bad domains are blacklisted. For some reason, the gumblar.cn domain was released and is in use again.
Landesman wrote that Web sites still infected with Gumblar may now be able to call back to the newly activated domain. It would allow those infected PCs to get updated with new malware.
"It's a mess," Landesman wrote. "Stay tuned."
IDG.net
Extending Client Refresh - 11 Steps to Maximize Savings
Register Now!
Tackling the Top Five Network Access Control Challenges
Computerworld and Juniper invite you to download this white paper.
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
How to Secure and Accelerate Your Oracle Applications
Learn about the escalating application performance and security challenges facing corporations, today!
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Enterprise Application Delivery: No User Left Behind
Gain the ability to deliver applications to all users, using any device, across any network.
Consolidate Your Servers and Storage to Lower Costs with Oracle Database 11g
Register for this webcast!
Accelerate SSL Encrypted Applications
Gain complete visibility into SSL application sessions, making it easy to apply appropriate acceleration and security controls to all SSL traffic.
The Commercialization of ITIL: Lessons Learned
Register for this event today!
Sign up to receive updates on the latest Networking and Internet resources
Disaster Recovery & Cost Savings Zone
Thousands of customers world-wide have turned to virtualization solutions from Riverbed as a way to reduce costs.
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
