0 Replies Latest reply on May 22, 2009 9:11 AM by HarryWaldron

    Gumblar JavaScript Exploit - Major New Threat to vulnerable websites

      Unfortunately, this new Javascript multi-stage attack is spreading rapidly on vulnerable websites. Sophos notes that it accounted for almost half of all malware infections found at websites in the past week. Be careful with website visitation, Internet searches, and keep AV protection updated.

      Gumblar JavaScript Exploit - Major New Threat to vulnerable websites
      http://www.sophos.com/blogs/sophoslabs/v/post/4405
      http://www.us-cert.gov/current/index.html#gumblar_malware_attack_circulating
      http://news.cnet.com/8301-1009_3-10244529-83.html
      http://www.theregister.co.uk/2009/05/19/gumblar_google_poisoning_update/
      http://www.internetnews.com/security/article.php/3821151/Gumblar+Biggest+Threat+ on+the+Web+Today.htm

      QUOTE: US-CERT is aware of public reports of a malware exploit circulating. This is a drive-by-download exploit with multiple stages and is being referred to as Gumblar. The first stage of this exploit attempts to compromise legitimate websites by injecting malicious code into them. Reports indicate that these website infections occur primarily through stolen FTP credentials but may also be compromised through poor configuration settings, vulnerable web applications, etc.

      Andrew Martin's Analysis - Excellent detailed writeup
      http://www.martinsecurity.net/2009/05/20/inside-the-massive-gumblar-attacka-dent ro-del-enorme-ataque-gumblar/