Ads by TechWords

See your link here
Receive the latest technology news and information.
Networking
Networking Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Gumblar malware's home domain is active again

November 6, 2009 06:40 AM ET

IDG News Service - ScanSafe researchers are seeing renewed activity regarding Gumblar, a multifunctional piece of malware that spreads by attacking PCs visiting hacked Web pages.

Gumblar can steal FTP credentials as well as hijack Google searches, replacing results on infected computers with links to other malicious sites.

When the Gumblar malware was found in March, it looked for instructions on a server at gumblar.cn. That domain was taken offline at the time, but has been reactivated within the last 24 hours, wrote Mary Landesman, a senior security researcher with ScanSafe, on a company blog.

Web sites that are infected with Gumblar contain an iframe, which is a way to bring content from one Web site into another. Malware writers usually make those iframes invisible. When a victim visits the site, the iframe will launch a series of exploits hosted on a remote computer to try and hack the visiting machine.

Gumblar checks to see if the victim's PC is running unpatched versions of Adobe Systems' Reader and Acrobat programs. If so, the machine will be compromised by a so-called drive-by download.

Usually, domain name registrars suspend domain names that have been used for malicious purposes, and malware writers frequently change the domains their software looks to for instructions as those bad domains are blacklisted. For some reason, the gumblar.cn domain was released and is in use again.

Landesman wrote that Web sites still infected with Gumblar may now be able to call back to the newly activated domain. It would allow those infected PCs to get updated with new malware.

"It's a mess," Landesman wrote. "Stay tuned."


Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.

Jump to comments

ScanSafe

Additional Resources

Microsoft
Here are some of the key reasons why you would want to run Unified Access Gateway with DirectAccess.
Microsoft
Review how one energy firm tightened protection and simplified IT work using business-ready security solutions.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

What People Are Saying

White Papers & Webcasts

Enterprise 2.0 Applications - Block or Not?
Learn what your organization should do to control Enterprise 2.0 Applications.  

Product Overview Brochure
Learn how to deliver secure data and applications wherever and whenever they're needed.  

How to Secure and Accelerate Your Oracle Applications
Learn about the escalating application performance and security challenges facing corporations, today!  

The Workday User Experience Video
Watch Workday's Creative Director, Scott Lietzke, discuss the business-centered design philosophy at Workday.

Enterprise Application Delivery: No User Left Behind
Gain the ability to deliver applications to all users, using any device, across any network.  

Business Process Framework Demo
Learn about Configurable Business Processes and Calculated Fields. Watch Now!

Accelerate SSL Encrypted Applications
Gain complete visibility into SSL application sessions, making it easy to apply appropriate acceleration and security controls to all SSL traffic.  

Manager Experience Demo
Go beyond self-service solutions to perform more effectively. Watch Now.

Disaster Recovery & Cost Savings Zone
Thousands of customers world-wide have turned to virtualization solutions from Riverbed as a way to reduce costs.



IT Jobs