
NEW VIRUS PLEASE READ !!

  • 15-05-2009 9:39am
    #1
    Closed Accounts Posts: 831 ✭✭✭


    Just read about this new virus, sounds pretty bad

    A complex new malware attack is setting infection records and raising serious alarms in the security community.
    Known unofficially as 'Gumblar' for one of the attack domains, the malware uses prolific attack methods and carries a dangerous payload.
    Researchers say that the attack spreads by compromising web sites and injecting malicious JavaScript code into certain components of the site. A victim runs the risk of the JavaScript attack simply by visiting the infected pages.
    Once a site is compromised, the malware alters access credentials and folder permissions to allow an attacker a 'back door' for entry to the site even when the user has changed passwords. The malicious code is also altered in slight ways, preventing administrators from automatically searching out and deleting the scripts.
    Because the infection is so hard to get rid of, researchers say that Gumblar has enjoyed far more success than previous malware attacks.
    First detected in late March, researchers thought that the attacks had been halted by mid-April when Google delisted the offending sites.
    However, a new variant of the attack arose early this month and has been spreading rapidly. Security firm ScanSafe estimates that Gumblar attacks have jumped some 188 per cent over the past week alone, and Sophos credits Gumblar with up to 42 per cent of all malware infections in the past seven days.
    "The gross infection rate is exceptional, especially this late in the game," said Mary Landesman, senior security researcher at ScanSafe. "Basically, it has been enjoying a free reign."
    The payload is also believed to be highly dangerous. Landesman said that the malware intercepts web traffic such as Google search requests, and redirects it to fraudulent results. This allows the attackers to collect referral fees, and places the user at risk of further infection.
    The malware also contains botnet controllers and is programmed to collect all FTP permissions on the infected systems, allowing Gumblar to infect any sites which the user administrates, further fostering the spread to new domains.
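
The article above says the injected code varies slightly from site to site, so searching for one fixed string misses it, and that folder permissions are changed as well. A check that compares the site against a known-good baseline catches both without knowing what the injected code looks like. This is an added example, not part of the original post or the quoted article; the function names, file names and the placeholder "injected" text are constructed for illustration.

```python
import hashlib, os, stat, tempfile

def snapshot(root):
    """Map each relative path under root to (sha256, or None for dirs; permission bits)."""
    snap = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            mode = stat.S_IMODE(os.lstat(full).st_mode)
            digest = None
            if os.path.isfile(full) and not os.path.islink(full):
                with open(full, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(full, root)] = (digest, mode)
    return snap

def diff_snapshots(baseline, current):
    """Return sorted lists of added, removed, content-changed and mode-changed paths."""
    both = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "content": sorted(p for p in both if baseline[p][0] != current[p][0]),
        "mode": sorted(p for p in both if baseline[p][1] != current[p][1]),
    }

def demo():
    """Constructed site tree: take a clean baseline, tamper with it, then diff."""
    with tempfile.TemporaryDirectory() as root:
        js_dir = os.path.join(root, "js")
        os.mkdir(js_dir)
        os.chmod(js_dir, 0o755)
        for rel, body in (("index.html", "<h1>Darts league</h1>\n"),
                          (os.path.join("js", "menu.js"), "var menu = [];\n")):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(body)
        baseline = snapshot(root)  # taken while the site is known to be clean
        # Simulated tampering with harmless placeholder text (not real malware).
        with open(os.path.join(root, "index.html"), "a") as fh:
            fh.write("<script>/* injected placeholder */</script>\n")
        os.chmod(js_dir, 0o777)  # loosened folder permissions
        with open(os.path.join(js_dir, "extra.php"), "w") as fh:
            fh.write("placeholder\n")  # file that was never deployed
        return diff_snapshots(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The baseline has to be stored somewhere the web or FTP account cannot write to, otherwise whoever changes the site can change the baseline too.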


Comments

  • Closed Accounts Posts: 88,972 ✭✭✭✭mike65


    So you reckon that a 9 dart check-out will fix this?


  • Closed Accounts Posts: 1,326 ✭✭✭waraf


    Contact this guy for help....

    Jim_Bowen_600263a.jpg


  • Closed Accounts Posts: 831 ✭✭✭Daffy501


    I think it does relate to darts waraf considering we are having so many problems with ezchalk and it's known that ezchalk has malware attached to it


  • Registered Users, Registered Users 2 Posts: 2,091 ✭✭✭carbsy


    Just stay outta the black and in the red and you'll be fine. :)


  • Registered Users, Registered Users 2 Posts: 3,344 ✭✭✭death1234567


    Daffy501 wrote: »
    I think it does relate to darts waraf considering we are having so many problems with ezchalk and it's known that ezchalk has malware attached to it
    I think I put this in another thread but the only safe way to use ezchalk is with a Firefox explorer that has NoScript installed.


  • Closed Accounts Posts: 4,003 ✭✭✭ratinakeg


    Daffy501 wrote: »
    Just read about this new virus, sounds pretty bad

    A complex new malware attack is setting infection records and raising serious alarms in the security community.
    Known unofficially as 'Gumblar' for one of the attack domains, the malware uses prolific attack methods and carries a dangerous payload.
    Researchers say that the attack spreads by compromising web sites and injecting malicious JavaScript code into certain components of the site. A victim runs the risk of the JavaScript attack simply by visiting the infected pages.
    Once a site is compromised, the malware alters access credentials and folder permissions to allow an attacker a 'back door' for entry to the site even when the user has changed passwords. The malicious code is also altered in slight ways, preventing administrators from automatically searching out and deleting the scripts.
    Because the infection is so hard to get rid of, researchers say that Gumblar has enjoyed far more success than previous malware attacks.
    First detected in late March, researchers thought that the attacks had been halted by mid-April when Google delisted the offending sites.
    However, a new variant of the attack arose early this month and has been spreading rapidly. Security firm ScanSafe estimates that Gumblar attacks have jumped some 188 per cent over the past week alone, and Sophos credits Gumblar with up to 42 per cent of all malware infections in the past seven days.
    "The gross infection rate is exceptional, especially this late in the game," said Mary Landesman, senior security researcher at ScanSafe. "Basically, it has been enjoying a free reign."
    The payload is also believed to be highly dangerous. Landesman said that the malware intercepts web traffic such as Google search requests, and redirects it to fraudulent results. This allows the attackers to collect referral fees, and places the user at risk of further infection.
    The malware also contains botnet controllers and is programmed to collect all FTP permissions on the infected systems, allowing Gumblar to infect any sites which the user administrates, further fostering the spread to new domains.

    I would not worry about it too much Daffy, Ezchalk seems to be fine now, so it should be ok.


  • Closed Accounts Posts: 831 ✭✭✭Daffy501


    Cheers rat just thought it might be relevant to ezchalk that's all :D


  • Registered Users, Registered Users 2 Posts: 1,462 ✭✭✭Double Top


    Cheers for putting the post up Daffy


  • Registered Users, Registered Users 2 Posts: 3,964 ✭✭✭Podge2k7


    mike65 wrote: »
    So you reckon that a 9 dart check-out will fix this?
    Lol


  • Registered Users, Registered Users 2 Posts: 1,282 ✭✭✭Carrickman


    It's no joke, folks. Had to destroy my website due to a virus like this; weeks and weeks of hard work had to be binned due to a virus :mad:


  • Closed Accounts Posts: 51 ✭✭Stimulant


    This is a very good resource on the exploit: http://www.webpayments.ie/blog/Gumblar-What-is-it-How-to-I-remove-it-.html

    and further down it gives suggested solutions.

    Hope it helps!


  • Registered Users, Registered Users 2 Posts: 1,176 ✭✭✭podgeen


    Hi Guys,

    I don't normally read or post on the Darts forum but just came across this thread. I wrote the blog post on Gumblar that someone has linked to in an earlier post. The post explains what Gumblar is, what it does and suggests ways to remove it. I have since updated the post with links to other resources including a script to automatically remove it from a PHP-based site.

    I'm not sure if any of you are actually infected with it but if you need some help removing it PM me or post a comment on the blog.

    Cheers,
    Dave

