Author Topic: Gumblar now more dangerous than Conficker!  (Read 4864 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33925
  • malware fighter
Gumblar now more dangerous than Conficker!
« on: May 29, 2009, 04:48:36 PM »
Hi malware fighters,

According to security experts, Gumblar forms a bigger threat than Conficker. The new worm penetrates deeper and tries to steal user data.

Through stolen FTP logins or holes inside normal website configuration, hackers smuggle in new malicious code. The variety of cooperative malware is known generally under the name Gumblar. It is now spreading rapidly over more and more domains; the counter at the moment stands at more than 3.000 domain names, and that number is still growing.
Also read here: http://forum.avast.com/index.php?topic=45296.0

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89168
  • No support PMs thanks
Re: Gumblar now more dangerous than Conficker!
« Reply #1 on: May 29, 2009, 05:10:57 PM »
This isn't really that surprising as it doesn't rely on an OS vulnerability to get established.

Though what was a flood of topics relating to avast blocking this has slowed to a trickle. So perhaps some are getting wise to it and updating their site's scripting software, PHP, SQL, WordPress, etc.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

cinchez

  • Guest
Re: Gumblar now more dangerous than Conficker!
« Reply #2 on: May 29, 2009, 05:53:56 PM »
Thanks for the info^^

†Polonus
†DavidR

-AnimeLover^^

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33925
  • malware fighter
Re: Gumblar now more dangerous than Conficker! New Domains found!
« Reply #3 on: June 01, 2009, 12:22:26 AM »
Hi malware fighters,

Unfortunately, more Gumblar news: they have added new domains.
It is bad news repeated, but there are two new Gumblar domains active now. The original domain that was active, gumblar.cn, was later blocked; then this domain, martuz.cn, was set up. Later two new domains were added:

liteautotop.cn

autobestwestern.cn

Because the malcode is of various origin and content, it can be very hard for AV software to intercept this malcode.

Everyone is therefore being advised to block the domains mentioned within the firewall, so that the spreading of malware onto websites and infections of users can be prevented.

Those whose computers have been compromised with Gumblar are being advised by ScanSafe to re-install the operating system. The malware is capable of penetrating deep into the infested OS,

polonus

Offline Dwarden

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1793
  • Ideas, that's ocean without borders!
    • Bohemia Interactive
Re: Gumblar now more dangerous than Conficker!
« Reply #4 on: June 01, 2009, 12:40:14 AM »
3.000 domains out of 300 billion ... really terrific spread ...
oh well ... so much about modern mass media news...
https://twitter.com/FoltynD , Tech. Community, Online Services & Distribution manager of Bohemia Interactive

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89168
  • No support PMs thanks
Re: Gumblar now more dangerous than Conficker!
« Reply #5 on: June 01, 2009, 12:58:35 AM »
@ polonus.
Personally I don't care what the domains are, they aren't the issue, but just the payload site/s. Shutting them down proves they aren't the issue because as fast as you shut them down others will replace them.

The issue is stopping the hacking in the first place, then it wouldn't matter if there was one or one hundred payload domains.

You don't try to block spam by blocking individual email addresses, as it is a constantly moving target; the same is true here, so I don't worry about what the domains are because that simply doesn't matter.

It could be any domain and in some cases it is and this could even be a legit domain that has malware inserted into it and the redirect could link to that and they wouldn't even have to go to the trouble of getting a domain.