Information on the Gumblar Virus

Discussion in 'Community Forum Software' started by Wayne Luke, May 23, 2009.

  1. Wayne Luke

    Wayne Luke Regular Member

    Joined:
    Apr 2, 2009
    Messages:
    992
    Likes Received:
    276
    This is a reprint from a thread I made on the vBulletin.com forums.
    ------------------------------------------

    There is a new virus that is affecting a variety of PHP driven websites out there. The method of injection isn't completely known at this time. It has been noticed to affect vBulletin sites amongst others including Drupal, WordPress, phpBB, PhotoPost, SMF and others.

    This is not due to a vBulletin Vulnerability.

    Please see these sites for more information:
    'Gumblar' attack explodes across the web - Yahoo! News UK
    New Wave of "Gumblar" Hacked Sites Installs Google-targeting Malware - PC World
    ScanSafe STAT Blog - ScanSafe STAT Blog - Gumblar Compromised Sites Up Another*-9%

    See this site for some specifics including tips on removing this virus:
    Gumblar .cn Exploit - 12 Facts About This Injected Script | Unmask Parasites. Blog.
    ScanSafe STAT Blog - ScanSafe STAT Blog - Gumblar*-Q&A

    If necessary, we can assist on helping with compromised websites but ultimately the security of your website requires security of your local workstations and you will need to make sure that they are secure.

    Update:
    It is felt that this virus is being spread through exploits in older versions of Adobe Flash and Adobe Reader. You need to make sure to keep all software up to date.

    'Gumblar' PC virus is targeting Google users, warn experts | Technology | guardian.co.uk

    If you're worried about the safety of your site then please visit here:
    Website Security Check - Unmask Parasites

    Here are instructions on how to remove this virus:
    Gumblar - virus Threat to the Internet - How to Remove | Webologist

    Please note that Macintosh users are not invulnerable to similar attacks or even a variant of the Gumblar virus due to an unpatched and published exploit in the Java Virtual Machine shipped by Apple. For information on this please see:
    Landon Fuller
     
  2. Nick

    Nick Regular Member

    Joined:
    Jul 27, 2008
    Messages:
    7,444
    Likes Received:
    219
    I saw this on vB.com Wayne. Thanks for posting it here as well; I've made it a sticky thread for now. :)
     
  3. Chris

    Chris Regular Member

    Joined:
    Dec 27, 2007
    Messages:
    5,422
    Likes Received:
    86
    Thanks for posting this, Wayne!
     
  4. Wayne Luke

    Wayne Luke Regular Member

    Joined:
    Apr 2, 2009
    Messages:
    992
    Likes Received:
    276
    No problem. I am seeing this more frequently and the more information out there the better off people will be.
     

Share This Page