It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
(visit the link for the full news article)
Gumblar, a new attack that compromises Web sites, has added new domain names that are downloading malware onto unsuspecting computers, stealing FTP credentials to compromise more sites, and tampering with Web traffic, a security firm said on Thursday.
The Gumblar attack started in March with Web sites being compromised and attack code hidden on them. The malware downloaded onto those sites came from the gumblar.cn domain, a Chinese domain associated with Russian and Latvian IP addresses that were delivering code from servers in the U.K., ScanSafe said last week.
To find out if a computer is infected:
1) Locate sqlsodbc.chm in the Windows system folder (by default under Windows XP, the location is C:WindowsSystem32);
2) Obtain the Sha1 of the installed sqlsodbc.chm. FileAlyzer is a free tool that can be used to obtain the SHA1 of a file;
3) Compare the obtained Sha1 to the list located on the ScanSafe STAT Blog;
4) If the SHA1 and corresponding file size do not match with a pair on the reference list, it could be an indication of a Gumblar infection.
The most effective way to remedy an infection is to do a full reformat and reinstallation, according to ScanSafe. Passwords or login details that were stored or used on infected machines should also be changed.
Prabhat K Singh, senior director, McAfee Avert Lab (JPAC), said "whatever it (Conficker worm) had to do it has alread done. It has been quite sucessful in creating a bot network. It has not re-emmerged or we are seeing any paterens of it re-emerging in the future."
The attacks of Conficker or Downadup, which is a malicious software program, increased in the middle of April after fears that the worm would be activated on April 1 proved wrong.
According to security experts in India, the Conficker is now quietly turning thousands of personal computers into servers of e-mail spam and installing spyware. Experts have cautioned the enterpriese that it is the right time to install patches now to avoid the consequences. (ciol)