Has The Gumblar Virus Got You Yet ? - Webmasters - Nairaland

Has The Gumblar Virus Got You Yet ? by emonkey(m): 3:27pm On Jun 09, 2009
Your site might not have been hacked after all; several websites hosted on Linux Servers are showing virus alerts due to an injection attack on packages hosted on the servers. The FTP logs of the infected packages indicate that the machines of the customers who own those domains are compromised and have been used to upload malicious content to their respective hosting packages.

What is a Gumblar Attack?

Gumblar appears to be a combination of exploit scripts and malware. The scripts are embedded in .html, .js and .php files using obfuscated JavaScript. They load malware content from third party sites without the user's knowledge. It also steals FTP credentials from the victim's computer, which allows it to spread and infect additional sites. Therefore, when someone visits an infected site they get infected, and if they have FTP credentials for a website on their machine then those sites will get infected too. This explains the exponential growth of the exploit in such a short space of time.

What makes it different from previous malware exploits?

There are a number of aspects to this exploit that both make it difficult to remove and help it spread. Firstly, it is infecting users who are browsing legitimate websites; if these users are webmasters, then it is infecting their websites by using their FTP credentials to inject the script onto their site. The obfuscated malicious code is dynamically generated. This makes it difficult to detect and difficult to automatically remove. Not only does the script vary from site to site but it can also vary from page to page on the one site.

Further reading:
- http:///m23ncu
- http://news.cnet.com/8301-1009_3-10244529-83.html


What can you do? What have we done?

As a precautionary measure, temporarily block FTP services on your Linux Hosting Servers.
Shift to a secure FTP connection and reset FTP passwords across all Linux Hosting packages. You can later on modify these passwords from your website management panel. You should ideally scan your machines given its exponential spread so far.
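
Added example (not part of the original post): since the post says the FTP logs show stolen credentials being used to upload content into .html, .js and .php files, this sketch triages an FTP transfer log for accounts whose password should be reset first. It assumes the server writes the standard xferlog format; the thresholds, the function names and every host, user and path in the sample are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WEB_EXT = (".html", ".htm", ".js", ".php")  # file types the post says get injected

# Constructed sample in xferlog format; hosts, user and paths are made up.
SAMPLE_LOG = """\
Mon Jun  1 09:12:44 2009 2 198.51.100.7 5120 /home/acme/public_html/about.html b _ i r acme ftp 0 * c
Mon Jun  1 09:13:02 2009 1 198.51.100.7 20480 /home/acme/public_html/logo.png b _ i r acme ftp 0 * c
Tue Jun  2 14:40:10 2009 1 198.51.100.7 5120 /home/acme/public_html/about.html b _ o r acme ftp 0 * c
Thu Jun  4 03:01:10 2009 1 203.0.113.50 6310 /home/acme/public_html/index.html b _ i r acme ftp 0 * c
Thu Jun  4 03:01:12 2009 1 203.0.113.50 4822 /home/acme/public_html/contact.php b _ i r acme ftp 0 * c
Thu Jun  4 03:01:15 2009 1 203.0.113.50 9120 /home/acme/public_html/js/menu.js b _ i r acme ftp 0 * c
"""

def parse_line(line):
    """Return the fields we need from one xferlog line, or None if malformed."""
    f = line.split()
    if len(f) < 18:
        return None
    try:
        when = datetime.strptime(" ".join(f[1:5]), "%b %d %H:%M:%S %Y")
    except ValueError:
        return None
    return {"time": when, "host": f[6], "path": f[8],
            "direction": f[11], "user": f[13], "status": f[17]}

def suspicious_bursts(log_text, min_files=3, window=timedelta(minutes=2)):
    """Flag (user, host) pairs that uploaded >= min_files distinct web files within window."""
    uploads = defaultdict(list)
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        # 'i' = incoming (upload), 'c' = transfer completed
        if (rec["direction"], rec["status"]) == ("i", "c") and rec["path"].lower().endswith(WEB_EXT):
            uploads[(rec["user"], rec["host"])].append((rec["time"], rec["path"]))
    findings = []
    for (user, host), events in uploads.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window start forward
            if len({p for _, p in events[start:end + 1]}) >= min_files:
                findings.append((user, host, len(events)))  # total web uploads by this pair
                break
    return findings

if __name__ == "__main__":
    for user, host, count in suspicious_bursts(SAMPLE_LOG):
        print(f"{user}: {count} web-file uploads from {host}; reset this FTP password")
```

A burst of rewritten web files from one host is only a lead: a legitimate site deploy looks the same, so confirm with the account owner before treating the upload as malicious.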
