Researchers see Gumblar attacks surge again

Gumblar infects insecure Web sites in order to compromise vulnerable PCs

Jeremy Kirk (IDG News Service)
21 October, 2009 08:26
Comments

Security researchers are seeing a resurgence of Gumblar, the name for a piece of malicious code that is spread by compromising legitimate but insecure Web sites.

In May, thousands of Web sites were found to have been hacked to serve up an iframe, which is a way to bring content from one Web site into another.

The iframe led to the "gumblar.cn" domain. Gumblar would then try to exploit the user's PC via software vulnerabilities in Adobe Systems products such as Flash or Reader and then deliver malicious code.

Gumblar has also now changed its tactics. Rather than hosting the malicious payload on a remote server, the hackers are now putting that code on compromised Web sites, vendors IBM and ScanSafe say.

It also appears Gumblar has been updated to use one of the more recent vulnerabilities in Adobe's Reader and Acrobat programs, according to IBM's Internet Security Systems Frequency X blog.

The hackers know that it's only a matter of time before a malicious domain is shut down by an ISP. The new tactic, however, "gives them a decentralized and redundant attack vector, spread across thousands of legitimate websites around the world," IBM said.

To help avoid detection, the bad code that is uploaded to the legitimate Web sites has been molded to match "existing file structures," IBM said. It also has been scrambled or obfuscated to try and avoid detection.

"Gumblar is a force to be reckoned with, and this latest push of theirs is a true testament to that fact," IBM said.

The hackers behind Gumblar have also taken to forcibly injecting a malicious iframe into forums, according to a blog post from ScanSafe.

It means that people become victim to a so-called drive-by attack, where they are instantly exposed to malicious content from elsewhere when visiting a legitimate site.

Once a PC is infected, Gumblar also looks for other FTP credentials that it can use to compromise other Web sites.

It also hijacks the Internet Explorer browser, replacing Google search results with those of other Web sites, which IBM thinks may be connected with "pay-per-click" fraud.

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email CIO
Follow CIO on twitter

More about: Adobe, Adobe Systems, Google, IBM, IBM Australia, Internet Security Systems, Security Systems

References show all

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Coverage

Related Whitepapers

Latest Stories

Community Comments

"Ich kenne einige Leute, die aus Kanadakommen. Eines Tages werde ich auch ..."

Australia's first 4G smartphone is the HTC Velocity 4G
"Actually when someone doesn't know then its up to other visitors that ..."

Swedish e-commerce startup's execs linked to NYC sex crime
"Hi to all, how is everything, I think every one is getting ..."

Face Time - Interview with John Brennan and Robert DiStefano
"I am truly thankful to the owner of this website who has ..."

How to implement next-generation storage infrastructure for Big Data
"hwjae , click here http://www.breastenhanceproduct.org/how-to-benefit-from-herbal-breast-enhancements"

Pfizer's Future Depends on IT Transformation

Tags: gumblar, malware, security

Latest Blog Posts

Whitepapers

Risk management: ensuring the security of your hosted information
Organisations of all sizes are becoming victims to cybercriminals, data breaches, information theft and security risks. But before you go out and spend a fortune on security software, solutions and consultants, the starting point is to identify and measure your business’s exposure to those risks. In this whitepaper, “Exploring, Identifying and Measuring” risk, we examine how to identify risk and share an approach for identifying and measuring risk in your organisation.

Learn more »
Business Intelligence Best Practices for Dashboard Design
Even if a dashboard’s appearance looks professional and is aesthetically pleasing, appearances can be deceiving. Although visual design is important, it is also important to ask yourself: Is the data reliable? Is it timely? Is any data missing? Is it consistent across all dashboards?. This paper offers an overview of best practice business intelligence (BI) dashboard design principles and discusses data integration options for getting data into a dashboard.

Learn more »
Bend or break: Flexible Policy
DON’T. PANIC. Aligning business and IT needs has always been a challenge. Finding the right balance between ensuring the safety of sensitive data and enabling the free flow of information is increasingly difficult in today’s evolving regulatory and threat environment. Read on.

Learn more »

All whitepapers

Most Read
Most Commented

Get exclusive access to Invitation only events CIO, reports & analysis.

Latest Jobs

Zones

Featured Whitepapers

SOA Best Practices and Design Patterns

By learning from the experiences of those organisations that have been through the process and looking at the standard best practices of large‐scale technology implementations, success can come earlier and ...

Recent comments

"Ich kenne einige Leute, die aus Kanadakommen. Eines Tages werde ich auch ..."
Australia's first 4G smartphone is the HTC Velocity 4G
"Actually when someone doesn't know then its up to other visitors that ..."
Swedish e-commerce startup's execs linked to NYC sex crime
"Hi to all, how is everything, I think every one is getting ..."
Face Time - Interview with John Brennan and Robert DiStefano
"I am truly thankful to the owner of this website who has ..."
How to implement next-generation storage infrastructure for Big Data
"hwjae , click here http://www.breastenhanceproduct.org/how-to-benefit-from-herbal-breast-enhancements"
Pfizer's Future Depends on IT Transformation

Follow CIO

Market Place

Gartner Security & Risk Management Summit, 16-17 July 2012, Sydney

Cyber Security Summit 2012 | 1-3 August | Save $150 using promo code CSO | Check out agenda today

Latest Jobs

Subscribe to CIO

Critical. Authoritative. Strategic. CIO magazine addresses the issues vital to the success of IT and business executives. Solutions-oriented editorial provides a greater understanding of the role IT plays in achieving corporate goals. Subscribe to the print edition today.

Download OPML file for import with all IDG RSS feeds

CSO Online Data Security Briefing

Researchers see Gumblar attacks surge again

Comments

Post new comment

Building trusted relationships

Planning your IT career

Taking the risk out of diversity

5 open source help desk apps to watch

How to create a clear project plan

NBN Co focuses on continuous delivery to meet its deadlines

5 open source billing systems to watch

10 Tips for Dealing with a Bully Boss

Face Time - Interview with John Brennan and Robert DiStefano

Pfizer's Future Depends on IT Transformation

All Systems Down

IT service management going social

Australia's first 4G smartphone is the HTC Velocity 4G

HP Business Efficiency - Money Payback Guarantee Resource Centre

The Australian Cloud

SOA Best Practices and Design Patterns

The Pathways ICT Leadership Development Program Brochure and Curriculum 2012