Topic: Gumblar virus

Bent Romnes
From: London, Ontario, Canada

Wiz Feinberg
From: Mid-Michigan, USA
Posted 26 May 2009 8:55 pm Re: Gumblar virus
Yes I do.
Trend Micro Internet Security, MalwareBytes AntiMalware, Spybot S&D and Norton Internet Security, to name but a few. I would venture to say that just about any anti malware program that is updated more often than monthly should detect the Gumblar Trojan, with current definitions installed. The problem is that too many people operate their computers without realtime anti malware protection. If Trojans like Gumblar slip in they can take over complete remote control of a PC. If you manage a website and have ftp login credentials saved to disk, the Gumblar will send them home to Russia and your website will be owned by criminals as well.
Keep your browsers and add-ons up to date with patches by running the Secunia Online Software Inspector, or Personal Software Inspector every week.
Gumblar Trojans are installed by drive-by exploits of unpatched Internet Exploder browsers and Adobe Flash Player and Reader software. When a website is hacked by the Gumblar Trojan, obfuscated JavaScript codes are installed to exploit visitors to that website, via any vulnerable and targeted software add-ons or plug-ins the victim is using.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services

Bent Romnes
From: London, Ontario, Canada
Posted 27 May 2009 6:07 pm
Thanks Wiz.
I had never heard about this particular one before and kind of went on high alert when reading the warning in my Yahoo! account. On your recommendation I have had both Secunia and Spybot S&D for a long time now. So I guess I should be safe as long as I scan at regular intervals.
_________________
BenRom Pedal Steel Guitars
https://www.facebook.com/groups/212050572323614/

Bill Ford
From: Graniteville SC Aiken
Posted 3 Jun 2009 11:51 am
FWIW question for Wiz, or anyone... Is your system in danger of virus infiltration when you do not have a browser open? Just one of the things I have been curious about.
Bill
_________________
Bill Ford S12 CLR, S12 Lamar keyless, Misc amps&toys Sharp Covers
Steeling for Jesus now!!!

Wiz Feinberg
From: Mid-Michigan, USA
Posted 3 Jun 2009 1:22 pm
Bill Ford wrote:
> FWIW question for Wiz, or anyone... Is your system in danger of virus infiltration when you do not have a browser open? Just one of the things I have been curious about.
> Bill
That was the "right" question to ask!
Most of the threats that I write about are browser attacks, or target third party add-ons and plug-ins.
For instance, Apple just released patched versions of iTunes and the QuickTime browser plug-in, for both Mac and Windows, to fix 11 critical vulnerabilities that are being exploited in the wild. If you have either or both of these programs on your PC or Mac, please run Apple Update, or the Secunia Online Software Inspector to determine what software on your computer needs updating.
But, there are other attack vectors being employed by cyber criminals, some of which target broadband modems and routers. For years now there have been exploit probes conducted over the protocol used to communicate over the Internet. Do you remember the MS Blaster Worm of August 2003? It was a "TCP/IP" (the backbone protocol used to communicate over the Internet) Worm that connected to hundreds of thousands of PCs that were directly connected to their modems (broadband and dial-up), but not protected by firewalls or NAT routers. There is an endless sea of hostile probes trying to find computers, modems and routers that have exploitable open "ports" or routers with remote administration, or UPnP (Universal Plug and Play) enabled, with default admin passwords intact. I have written several articles about these matters on my Blog, since 2006.
For now, take my best advice and disable UPnP and remote administration on your wired and wireless broadband routers, then set a strong administrator password, close any open file sharing ports, then restart the router. Ditto for combination modem/routers.
Finally, whether you connect to the Internet over broadband or dial-up, make sure that your PC has a software firewall enabled to block all unsolicited incoming TCP traffic (and UDP). Windows XP and newer contains a built-in incoming firewall, so make sure it is enabled unless you are using a third party firewall (like ZoneAlarm or Comodo Personal Firewall, or PC-cillin, or N.I.S.). Most external routers contain a hardware firewall that is enabled by default. Make sure it is enabled on your routers. Do not open ports for untrusted applications. Do not enable UPnP ports at all. Learn to set up router networking and security manually.
That is just a starting point. I intend to write another blog article all about securing routers, modems and PCs and will post a link to it when it is online.
Last edited by Wiz Feinberg on 3 Jun 2009 9:00 pm; edited 1 time in total

Bill Ford
From: Graniteville SC Aiken
Posted 3 Jun 2009 6:23 pm
WOW !!! Wiz, you are the man, thanks for the info. I'll be on lookout for your update.
Bill

Brint Hannay
From: Maryland, USA
Posted 4 Jun 2009 6:28 pm
I have ZoneAlarm free firewall, and received a warning from ZoneAlarm about Gumblar. Naturally, they said ZA free firewall was insufficient to protect me, and urged me to buy a ZA product.
Their info said Gumblar attacks users of "Internet Explorer and Google search engine". It's unclear to me whether that means those using both, or one or the other separately. I use Google, but in Firefox.
Wiz, as to internet security programs that can be expected to be effective against this, what about AVG AntiVirus and SpySweeper?

Wiz Feinberg
From: Mid-Michigan, USA
Posted 4 Jun 2009 7:45 pm
Brint Hannay wrote:
> I have ZoneAlarm free firewall, and received a warning from ZoneAlarm about Gumblar. Naturally, they said ZA free firewall was insufficient to protect me, and urged me to buy a ZA product.
> Their info said Gumblar attacks users of "Internet Explorer and Google search engine". It's unclear to me whether that means those using both, or one or the other separately. I use Google, but in Firefox.
> Wiz, as to internet security programs that can be expected to be effective against this, what about AVG AntiVirus and SpySweeper?
Brint;
I received the same sales letter from ZoneAlarm. They are promoting their ForceField browser virtualization (sandbox) plug-in for Internet Explorer (and, I believe, Firefox). It sounds like a good idea and can be used alongside of your other security programs. I may test it if I can download a free trial. If so, I'll report on my findings, along with links to try or buy it.
Trend Micro Internet Security and AVG also have browser protection plug-ins, but in different forms than ForceField. If you have Trend Micro installed and try to browse to a web page with hostile codes it will be instantly blocked. AVG has a plug-in that follows links and tests the destination pages for malware codes.
I can't speak for SpySweeper at all.

Wiz Feinberg
From: Mid-Michigan, USA
Posted 4 Jun 2009 9:06 pm
It appears that the Gumblar threat is dying out. The name servers for its multiple hostile domains have been cut off and re-routed to the bit-bucket in the sky. However, other threats are on the horizon, so remain vigilant at all times and keep your malware protection up to date, as well as your third party browser plug-ins (Apple QuickTime, Adobe Reader and Flash, etc).
QuickTime and iTunes were just updated this week. Adobe Acrobat and Reader get critical updates next Tuesday, which coincides with Microsoft's Patch Tuesday.