
Gumblar attack worse than Conficker, experts warn

Elinor Mills CNET News | May 29, 2009 4:52 AM PDT

Summary

The website compromise attack adds new domains, steals data and continues to propagate after infections are cleaned up, making it worse than Conficker, says ScanSafe.

The website compromise attack known as Gumblar has added new domain names that are downloading malware onto unsuspecting computers, stealing FTP credentials to compromise more sites, and tampering with web traffic, a security firm said on Thursday.

The Gumblar attack started in March with websites being compromised and attack code hidden on them. Originally, the malware downloaded onto computers accessing those sites came from the gumblar.cn domain, a Chinese domain associated with Russian and Latvian IP addresses that were delivering code from servers in the UK, ScanSafe said last week.

As website operators cleaned up their sites, the attackers replaced the original malicious code with dynamically generated and obfuscated JavaScript, making it difficult for security tools to identify. The scripts attempt to exploit vulnerabilities in Adobe's Acrobat Reader and Flash Player to deliver code that injects malicious search results when a user searches Google on Internet Explorer, as well as searching the victim's system for FTP credentials that can be used to compromise additional websites.
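The paragraph above describes the defender's problem: an injected script block that is regenerated and obfuscated so that a fixed signature no longer matches it. The scanner below is an added example, not ScanSafe's detection logic and not code from the article; it scores each script block in a page on a few generic traits of encoded payloads (escape-sequence density, decode-and-run calls, very long single lines, character entropy) rather than on any specific string. The sample pages, the payload and the thresholds are constructed for the demonstration and would need tuning against a real site's own scripts.

```python
"""Heuristic scanner for injected, obfuscated <script> blocks in web pages.

Added example; it is not ScanSafe's detection logic nor code from the
article. The sample pages and the scoring thresholds below are constructed
for this demonstration.
"""
import math
import re
from collections import Counter
from dataclasses import dataclass, field

# A <script ...>body</script> block, case-insensitive, spanning lines.
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.IGNORECASE | re.DOTALL)
# Character escapes typical of encoded payloads: %xx, \xhh, \uhhhh.
ESCAPE_RE = re.compile(r"%[0-9a-fA-F]{2}|\\x[0-9a-fA-F]{2}|\\u[0-9a-fA-F]{4}")
# Calls commonly used to decode and run hidden code (also used legitimately).
DECODE_CALLS = ("eval(", "unescape(", "fromCharCode(")
FLAG_THRESHOLD = 3  # constructed threshold; tune against your own sites


@dataclass
class Finding:
    index: int            # position of the block among the page's scripts
    score: int
    reasons: list = field(default_factory=list)


def shannon_entropy(text: str) -> float:
    """Bits per character; encoded or packed text scores higher than plain code."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def score_script(body: str) -> Finding:
    """Score one script body; each heuristic adds to the score with a reason."""
    score, reasons = 0, []
    escaped_chars = sum(len(m.group(0)) for m in ESCAPE_RE.finditer(body))
    if body and escaped_chars / len(body) > 0.3:
        score += 2
        reasons.append("escape sequences make up most of the script")
    for call in DECODE_CALLS:
        if call in body:
            score += 1
            reasons.append(f"uses {call})")
    if len(body) > 500 and "\n" not in body.strip():
        score += 1
        reasons.append("single very long line")
    if shannon_entropy(body) > 4.8:
        score += 1
        reasons.append("high character entropy")
    return Finding(index=-1, score=score, reasons=reasons)


def scan_page(html: str) -> list:
    """Return a Finding for every script block scoring at or above FLAG_THRESHOLD."""
    flagged = []
    for i, m in enumerate(SCRIPT_RE.finditer(html)):
        finding = score_script(m.group(1))
        finding.index = i
        if finding.score >= FLAG_THRESHOLD:
            flagged.append(finding)
    return flagged


def percent_encode(text: str) -> str:
    """Helper used only to build the constructed sample payload below."""
    return "".join("%%%02x" % ord(ch) for ch in text)


# Constructed sample pages (not real compromised content).
CLEAN_PAGE = """<html><head>
<script type="text/javascript">
function init() {
  var nav = document.getElementById('nav');
  if (nav) { nav.className = 'ready'; }
}
window.onload = init;
</script>
</head><body><div id="nav">menu</div></body></html>"""

# Legitimately minified code: one decode-style call, but no encoded payload,
# so it stays below the threshold.
MINIFIED_PAGE = ("<html><body><script>var a=[1,2,3];for(var i=0;i<a.length;i++)"
                 "{document.getElementById('c'+i).innerHTML="
                 "String.fromCharCode(65+i);}</script></body></html>")

# An injected block in the style the article describes: the whole payload is
# percent-encoded and handed to eval(unescape(...)). The decoded text here is
# harmless and constructed for the demo.
INJECTED_PAGE = CLEAN_PAGE.replace(
    "</body>",
    "<script>eval(unescape('" + percent_encode("document.write('constructed sample')")
    + "'))</script></body>")

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("minified", MINIFIED_PAGE),
                       ("injected", INJECTED_PAGE)):
        for f in scan_page(page):
            print(f"{name}: script #{f.index} score={f.score} {f.reasons}")
```

Run over a site's HTML files, the scanner reports the injected block (escape density plus eval and unescape) while the clean page and the minified-but-legitimate page score below the threshold; because it keys on traits rather than on a fixed string, regenerating the payload does not by itself evade it, though a site's own packed libraries will need whitelisting.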

The domain was changed to martuz.cn before both domains were shut down. And now, the malware is coming from sites including liteautotop.cn and autobestwestern.cn, among others, according to ScanSafe.

"Fortunately, it appears the name servers themselves are being shut down," the company said in a statement. "However, even after Gumblar-related attacks subside, cybercriminals will still possess the botnet of infected computers obtained via Gumblar."

ScanSafe contends that Gumblar is worse than Conficker, a worm that spreads via a hole in Windows, through removable storage devices and through network shares with weak passwords, and that also disables security software and installs fake antivirus software.

Gumblar, which was responsible for 37 percent of all malware blocked by ScanSafe during the first two weeks in May, has more intrusive behavior — it intercepts and monitors web traffic, and installs a data-theft Trojan that steals user names and passwords from infected computers, ScanSafe said.

In addition, once a Conficker infection is remediated there is no further spread of the worm. However, Gumblar can use the FTP credentials it steals to compromise even more websites, potentially exposing many more victims, the company said.

This article was originally posted on CNET News.

Talkback Most Recent of 69 Talkback(s)

  • And those with up-to-date AV need to fear this why?
    And if you don't have up-to-date AV, why don't you? There are a bunch of very good free AV programs for consumers and Bitdefender, for example, is about $6/year/seat for businesses. Not every AV company is a McAfee or a Norton out to rake businesses over the coals.

    I'll be glad when MS starts offering a basic AV package to Windows users with free updates. Then *nobody* will have an excuse and these kinds of attacks will largely stop.

    Anybody know when that MS AV package is due?
    wolf_z
    29th May 2009
  • You don't even need A/V. Just apply the patch.
    Which was released back in October 2008.

    I don't even see why this is news. Essentially the headline should read:

    "Foolish users who fail to patch their systems continue to be compromised".

    These people will always exist so I fail to see why this is even newsworthy.
    ye
    29th May 2009
  • Someone will come up with...
    Microsoft doesn't supply patches for pirated software even though they do.
    Erroneous
    29th May 2009
  • Application patches too...
    If you keep Adobe and Java updated it can definitely help mitigate the attack. I got hit three times using XP and the bug was trying to use Adobe Reader to gain admin access, but it couldn't do it on the latest patched version, and it gave NOD32 a chance to defeat it.

    It hit three times before Comodo and ESET could block the transmission, all in a matter of seconds. Spyware Blaster helps nullify ActiveX web-page controls that have been infected, and the built-in hosts file helps block any bad servers bringing in attack vector files from the original injection.
    JCitizen
    1st Jun 2009
  • Cue the Windows apologists
    Then *nobody* will have an excuse and these kind of attacks will largely stop.

    ROFL! So, let me get this straight...you have to spend money to make your OS do what it should in the first place and that's somehow the user's fault for not doing that?

    Talk about codependent.
    Chad_z
    29th May 2009
  • rofl
    I see how you managed to ignore the fact that another poster already mentioned that the issue was patched last year.
    Funny how you missed that one, isn't it?
    jdbukis@...
    29th May 2009
  • Chad, your reading comprehension needs work
    Home users don't spend a dime.

    Business users spend very little. Once MS finally gets off the pot and actually releases the free AV software they're promising even businesses won't pay a cent.

    Besides, this particular issue isn't an issue if you turn on auto-patching--and that's *FREE*.

    I really am looking forward to that free signature update tho. Put the likes of Norton out of business, and good riddance to bad rubbish. (Note I actually like Bitdefender the company, it's Norton and that ilk I loathe).

    Oh here's the announcement...

    http://www.microsoft.com/presspass/press/2008/nov08/11-18NoCostSecurityPR.mspx

    Second half of 2009. We're getting there...
    wolf_z
    29th May 2009
  • Secunia PSI free too...
    and it helps me get the Adobe and Java patches lickety split.
    JCitizen
    1st Jun 2009
  • It's not a necessity for FOSS users...
    ...to concern themselves with this constant stream of mass virus infections. It never is.

    I learned computers using MS. All the way back to early DOS. Microsoft is not the only player anymore.

    What forces people in the business away from MS is the constant virus attacks and their success in bringing down computers.

    It amuses me how people somehow feel that by taking magic pills, (AV and Critical Updates, installing Anti-Spyware, etc.) that they are somehow protected.

    And what's especially amusing is how posters (who have never used Linux), stand on a box and proclaim how it is on an equal par with Windows and will someday face the same tsunami of virus infections Windows does because of market share. Not a chance. It will never happen. I just wish they would try it for a while before posting.

    Do I worry about virus infections? No.
    Do I buy AV programs? NO.
    Do I worry about spyware? No.
    Do I miss MS Apps? No.

    If you want to try Linux, go to LinuxMint.com and download the Linux Mint 7 .iso file.

    Windows does not natively burn .iso files, so get the free program Active Iso burner 1.1 and install it.

    Burn the .iso file to the disk at 1x speed to account for any irregularities with the CD Drives.

    Insert the disk in the drive and reboot the computer. Linux will come up completely in memory and will not install anything on your hard drive.

    You can then try it out and see what all the fuss is about without affecting your computer. When you turn the computer off and remove the disk, everything disappears.

    If you want to start installing it, you click the "install" icon.

    If you want dual boot, you select the manual mode, edit the Windows partition, reduce it in size. Then, create 2 new partitions, the first with mount point "/" which is root. The second partition would be "Swap" for the swap file.

    Typically, if your hard drive is now 100 GB for Windows, you can reduce the Windows partition to 60 GB and create a new 20 GB for the main Linux partition and 20 GB for the Linux Swap partition.

    Select the "ext4" option for formatting. It's an improvement over "Ext3" and gives faster access.

    I have a new Acer 1 Netbook that came with XP.
    I installed Linux Mint 7 and EEEbuntu using the above methods (only with a 160 GB HDD). It's now a triple boot.
    Joe.Smetona
    31st May 2009
  • This should tell you something.
    It amuses me how people somehow feel that by taking magic pills, (AV and Critical Updates, installing Anti-Spyware, etc.) that they are somehow protected.

    A/V just plain doesn't work. How many times have we seen infected systems running A/V? The best way to protect a system is to:

    1. Run without administrative privileges.
    2. Ensure the built in firewall is enabled.
    3. Ensure you patch your systems.

    These three things alone will protect a system from the vast majority of malware out there. Why people continue to avoid doing all three really puzzles me.

    Do I worry about virus infections? No.
    Do I buy AV programs? NO.
    Do I worry about spyware? No.

    Neither do I. I've been using Windows systems since 1990 (with the release of Windows 3.0) and I've never had malware.
    ye
    31st May 2009
  • Ye, I believe you.
    You have a message to sell, and that is very worthwhile.

    But it's so hard for the average person to follow those guidelines to achieve your success. I think they seem to fail miserably because of their idea that the computer is just like driving a car without thinking and without checking the oil.

    I've seen it so many times, especially when kids use the computer.

    I've tried to educate customers, only to return in 6 months to find they haven't followed any of my suggestions.
    Joe.Smetona
    31st May 2009
  • Good advice Joe...
    and I plan to do that to my aging laptop; however I need Vista x64 for my DRM riddled media center. I've never seen a FOSS solution for cable compliant systems (yet).

    It is a pain to maintain XP, but running as a user on my Vista x64 system has the malware just sitting in my temp files unable to do anything (yet). The one time I got hit the UAC stopped it, later free Adaware removed it. CCleaner keeps the bugs out of my temp files.

    It can still be done for free, but it will eventually be a pain on 64 bit systems as the malware writers wise up.

    Avast is 64 bit now, so no worries for the most part, pocket book wise, for Window$ users out there. I think once a good lot of us figure out how to run VMs on Linux, a lot of gamers will move to FOSS solutions. I'm seeing a lot of games written for Linux now, and the hardware market is responding quite well. Maybe there will be a big movement in the near future?

    Or should I say - bowel movement - to get rid of Windows for good.
    JCitizen
    1st Jun 2009
  • About Cable Systems and FOSS.
    Linux should work fine for cable supplied Internet like Comcast.

    The modem supplies the internet via the RJ-45 connector to the computer. If you need to configure, you do it through a web interface by typing in 192.168.0.1 or 192.168.1.1 (for FIOS) to bring up the configuration page for the router and wireless radio settings. Unfortunately, the Verizon router only offers WEP encryption, so I turned the radio off (through the web interface) and configured my NetLink with WPA2 passphrase. If the URLs are identical, the secondary router will usually change the URL automatically so you can access it. It has built-in sensing for this.

    As far as the Windows Disks that come with the cable, they are not necessary and generally just have gingerbread utilities for the general population who aren't computer savvy. They just automate the process to reduce service calls.

    I believe Linux Mint will be coming out with a 64 bit version shortly, but I don't think it's an advantage yet. Running a 32-bit OS on a 64-bit Chip gives the best performance for 32 bit apps. If you install a 64-bit OS on a 64-bit chip, and try to run 32-bit apps, there will be a severe performance penalty. So installing Linux Mint 7 32-bit (as a dual boot) on your 64-bit CPU might still be the best choice.
    Joe.Smetona
    2nd Jun 2009
  • That's interesting (and thanks)...
    It seems most devices are already half way there with the OPEN cable standards and it seems a lot of drivers/software/firmware are GPL license code.

    However I have an Mcard(ATI - TV Wonder), and I haven't seen any tweaks on that yet. Mine is an ATI card module rig that connects to the backplane through a fast USB 2.0 connection.

    The other tuner connects to analog, and your idea would work for it, I'm sure. But premium content, it seems, is still out of range; but I haven't cruised half the forum sites yet. Perhaps I should go back to thegreenbutton.com and look for Linux hacks.

    Thank you very much for the info, it looks just like the procedure I did through my ATI network console.

    Plus I don't know how much spying the cable companies are allowed on these rigs for DRM reasons, I noticed Cox Communications is established on my direct network most of the time; even though they are not my provider.
    JCitizen
    7th Jun 2009
  • freetarded
    let's be clear, not running AV on Linux is a really bad idea. Last I checked Linux has had more viruses on it than Windows. Further, a virus that exploits holes in Flash isn't just for your mommy's XP machine.
    mydasx
    1st Jun 2009
