Gumblar Malware Exploit

Good morning and happy hosting, ladies and gentlemen!

We hope current clients are enjoying our service, and we extend an invitation to future clients to contact us at any time with any questions.

I’d like to take a moment to post some interesting news which has the potential to affect many of our clients. It concerns a relatively new web-based exploit you should be aware of.

Gumblar Malware Exploit Circulating

added May 18, 2009 at 12:47 pm
US-CERT is aware of public reports of a malware exploit circulating. This is a drive-by-download exploit with multiple stages and is being referred to as Gumblar. The first stage of this exploit attempts to compromise legitimate websites by injecting malicious code into them. Reports indicate that these website infections occur primarily through stolen FTP credentials but may also be compromised through poor configuration settings, vulnerable web applications, etc.  The second stage of this exploit occurs when users visit a website compromised by Gumblar. Users who visit these compromised websites and have not applied updates for known PDF and Flash Player vulnerabilities may become infected with malware. This malware may be used by attackers to monitor network traffic and obtain sensitive information, including FTP and login credentials, that can be used to conduct further exploits. Additionally, this malware may also redirect Google search results for the infected user.

US-CERT encourages users and administrators to apply software updates in a timely manner and use up-to-date antivirus software to help mitigate the risks.

US-CERT will provide additional information as it becomes available.
Source: http://www.us-cert.gov/current/index.html#gumblar_malware_attack_circulating

This incident serves as a good reminder to keep FTP credentials safeguarded and web software updated. This especially goes for CMS, blog and forum software.

As always, we’re here to help. If you should need any help updating your web-based software, please let us know. We are able to assist with this in most cases, and as always, are willing to go to any extent to keep our network safe for you and your visitors.

As always, practice safe browsing and hosting.
Thank you for hosting with us! We’re proud to be your host!

- Mark A Mutti
PhireFast Administration
e: mark.mutti[~at~]phirefast.com
p: (866) 350-4456 Ext 100

One Response to “Gumblar Malware Exploit”

  1. Jim says:

    great post, love the blog