This is a big problem that many are not talking about, it seems. The Gumblar exploit is becoming a big nuisance for many across the Web, so I wanted to create a thread here to discuss the general problem (not site specific issues) so we can all help each other get more informed about the problem.
What is it? According to the US-CERT, here is what the Gumblar exploit is:
US-CERT is aware of public reports of a malware exploit circulating. This is a drive-by-download exploit with multiple stages and is being referred to as Gumblar. The first stage of this exploit attempts to compromise legitimate websites by injecting malicious code into them. Reports indicate that these website infections occur primarily through stolen FTP credentials but may also be compromised through poor configuration settings, vulnerable web applications, etc. The second stage of this exploit occurs when users visit a website compromised by Gumblar. Users who visit these compromised websites and have not applied updates for known PDF and Flash Player vulnerabilities may become infected with malware. This malware may be used by attackers to monitor network traffic and obtain sensitive information, including FTP and login credentials, that can be used to conduct further exploits. Additionally, this malware may also redirect Google search results for the infected user.
From the ScanSafe blog, we are able to get a few more helpful FAQs on Gumblar, such as:
Is this a cross-site scripting (XSS) attack?
No. The compromises appear to be the result of stolen FTP credentials and direct manipulation of files on the Web server.
So as you can see, this is far from being an issue with one web site or one web host. This is a problem that the entire Web is dealing with, right now.
How can you protect yourself? Here is a bit of information from an InfoWorld article I found:
Security experts say that if you're using a fully patched system with up-to-date security software, you should be protected from these attacks. To date, they've worked by hitting the victim with malicious PDF or Flash files.
So time to run Windows Update, and also update all your software via your PC. My suggestion would be to get the File Hippo Update Checker. It'll scan your PC to see what is installed, and let you know if there is a newer version. Might also be a good time to run a full system scan via your favorite anti-virus/anti-spyware program to make sure you are not infected.
Related Reading about Gumblar:
Here are a few more good articles and posts about this problem:
So there you go, a few more facts about this problem. If you have any more helpful resources or tips on it, please feel free to share and discuss!