Gumblar compromise growth continues

Dominant web threat infecting still more vulnerable sites.

A major web compromise, estimated by some to represent over 40% of infected web pages last week, has continued growing in size and prevalence at an alarming rate.

VB100

The threat, commonly dubbed 'Gumblar' after a domain used by early versions, but also known as 'JS/Redir', is thought to inject itself into websites using stolen ftp credentials to hosting servers, and uses the infected pages to serve malware which may seek out further ftp login data. It may also doctor Google search results to redirect more victims to compromised hosts, which attempt to infect via PDF and Flash exploits.

The threat's sharp growth in size was highlighted last week by researchers at Sophos and at ScanSafe, and the spurt seems to have continued with ever higher figures reported by a variety of sources. Mary Landesman at ScanSafe has kept up a running commentary on the spread of the threat on the STAT blog here, with more details on the threat itself at Unmask Parasites here and reports from US-Cert here and SANS here.

20 May 2009

Tags: compromise, exploit, vulnerability, web threat.    del.icio.us  digg this! digg this

0 comments

Leave a comment

Poll

Do you use the same password(s) across multiple websites?
I use the same password for all sites
I have a number of passwords but use the same for some sites
I use a different password for each site
I don't sign up to any sites that require a password

Leave a comment
View 4 comments
Jobs Career Sidebar

VB2010

VB2010 VB2010 will take place 29 September-1 October 2009 at the Westin Bayshore, Vancouver, BC, Canada. Early bird discount available until 15th June 2010.
Virus Bulletin currently has 190,965 registered users.