Gumblar malware's home domain is active again

Sites and PCs still infected with old malware may now receive new instructions

Jeremy Kirk (IDG News Service)
09 November, 2009 10:40
Comments

ScanSafe researchers are seeing renewed activity regarding Gumblar, a multifunctional piece of malware that spreads by attacking PCs visiting hacked Web pages.

Gumblar can steal FTP credentials as well as hijack Google searches, replacing results on infected computers with links to other malicious sites.

When the Gumblar malware was found in March, it looked for instructions on a server at gumblar.cn.

That domain was taken offline at the time, but has been reactivated within the last 24 hours, wrote Mary Landesman, a senior security researcher with ScanSafe, on a company blog.

Web sites that are infected with Gumblar contain an iframe, which is a way to bring content from one Web site into another.

Malware writers usually make those iframes invisible. When a victim visits the site, the iframe will launch a series of exploits hosted on a remote computer to try and hack the visiting machine.

Gumblar checks to see if the victim's PC is running unpatched versions of Adobe Systems' Reader and Acrobat programs. If so, the machine will be compromised by a so-called drive-by download.

Domain name registrars will often suspend domain names that have been used for malicious purposes, and malware writers will usually frequently change the domains their software looks to for instructions as those bad domains are blacklisted.

For some reason, the gumblar.cn domain was released and is in use again.

Landesman wrote that Web sites still infected with Gumblar may now be able to call back to the newly activated domain. It would allow those infected PCs to get updated with new malware.

"It's a mess," Landesman wrote. "Stay tuned."

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email CIO
Follow CIO on twitter

More about: Adobe, Adobe Systems, Google

References show all

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Coverage

Related Whitepapers

Latest Stories

Community Comments

"{A friend linked me to this resource."

The 30 best Safari extensions -- so far
"Isn't it surprising that Google, with all the resources it has at ..."

Apple and Google disagree over licensing of essential patents
"As are ours."

Monash Uni reduces IT teams after consolidation project
"QR code is a great invention people made. I'm making mobile apps ..."

FTC warns makers of background checking apps
"It hasn't cost the government, its cost the people -'The bungle has ..."

QLD govt demands answers after pay glitch

Tags: ScanSafe, malware, gumblar

Latest Blog Posts

Whitepapers

Increasing Uptime and Efficiency with Switched PDUs - Two ways to use rack PDUs for more than just distributing power
Power distribution units (PDUs) play an essential role in delivering power safely and at appropriate voltages to servers and other network resources. A particular class of power distribution units known as rack Switched PDUs, however, is capable of performing additional functions that can help data center managers improve the efficiency and reliability of their IT infrastructure. This paper provides a brief introduction to rack Switched PDUs and describes two underappreciated yet powerful ways to take advantage of their advanced functionality.

Learn more »
Oracle Database 11g for Data Warehousing and Business Intelligence
Oracle Database 11g is a comprehensive database platform for data warehousing and business intelligence that combines industry-leading scalability and performance, deeplyintegrated analytics, and embedded integration and data-quality -- all in a single platform running on a reliable, low-cost grid infrastructure. Read on.

Learn more »
Web 2.0 in the Workplace Today
More than a decade after the term ‘Web 2.0’ was coined, many businesses are still nowhere near to taking full advantage of the collaborative technologies the term refers to. Undoubtedly, confidence is growing in relation to using tools such as Facebook, Skype, Twitter, and indeed many more organisations are using such technology now compared to even just a couple of years ago. But the fact remains that a worrying amount of businesses seem to be operating a ‘lockdown’ approach – an approach that I’m sure many Board-level staff know is simply not good for business in the long-term.

Learn more »

All whitepapers

Most Read
Most Commented

Get exclusive access to Invitation only events CIO, reports & analysis.

Latest Jobs

Zones

Featured Whitepapers

Case Study - TNT Express successfully reduces their paper usage and costs using a new document solution

in 2009 TNT decided to evaluate the market for new head office multifunction devices (MFD) as their current MFD fleet was almost seven years old. The objective was to reduce ...

Recent comments

"{A friend linked me to this resource."
The 30 best Safari extensions -- so far
"Isn't it surprising that Google, with all the resources it has at ..."
Apple and Google disagree over licensing of essential patents
"As are ours."
Monash Uni reduces IT teams after consolidation project
"QR code is a great invention people made. I'm making mobile apps ..."
FTC warns makers of background checking apps
"It hasn't cost the government, its cost the people -'The bungle has ..."
QLD govt demands answers after pay glitch

HP and IDG news, product videos and resources

Follow CIO

Market Place

How does Gartner rank ALM providers? Download the analysis report

Improving Storage Efficiencies with Data Deduplication and Compression - Download free resource

Application Lifecycle Management Zone - Whitepapers | Videos | Events | e-books | Case Studies and more. Visit the Zone

Latest Jobs

Subscribe to CIO

Critical. Authoritative. Strategic. CIO magazine addresses the issues vital to the success of IT and business executives. Solutions-oriented editorial provides a greater understanding of the role IT plays in achieving corporate goals. Subscribe to the print edition today.

Download OPML file for import with all IDG RSS feeds

CSO Online Data Security Briefing

Gumblar malware's home domain is active again

Comments

Post new comment

The hierarchy of wisdom

ERP reload

Tourism sector bites the bullet

iPad 3 rumour rollup for the week of February 7

Internode, iiNet improve results in customer satisfaction survey

How to create a clear project plan

Preview: Prada Phone by LG 3.0

5 open source help desk apps to watch

Monash Uni reduces IT teams after consolidation project

iPad initiative for pupils in WA

QLD govt demands answers after pay glitch

FTC warns makers of background checking apps

Apple and Google disagree over licensing of essential patents

HP Business Efficiency - Money Payback Guarantee Resource Centre

The Australian Cloud

Case Study - TNT Express successfully reduces their paper usage and costs using a new document solution

Top Ten Considerations when Deploying IT Operations Management in the Cloud

Unified Storage Strategy guide

2011 Pathways Advanced ICT Leadership Development Program

Enabling Agile and Intelligent Businesses