Experts: Gumblar attack is alive, worse than Conficker


posted on Jun, 2 2009 @ 03:25 PM


news.cnet.com

Gumblar, a new attack that compromises Web sites, has added new domain names that are downloading malware onto unsuspecting computers, stealing FTP credentials to compromise more sites, and tampering with Web traffic, a security firm said on Thursday.
The Gumblar attack started in March with Web sites being compromised and attack code hidden on them. The malware downloaded onto those sites came from the gumblar.cn domain, a Chinese domain associated with Russian and Latvian IP addresses that were delivering code from servers in the U.K., ScanSafe said last week.
(visit the link for the full news article)


Related News Links:
www.siliconrepublic.com

Related AboveTopSecret.com Discussion Threads:
www.washingtonpost.com...
www.ciol.com...''Conficker-not-re-emerging''/22509120005/0/



posted on Jun, 2 2009 @ 03:25 PM
This new piece of code, which many people have not been informed about, seems to be an evolution of the Conficker virus. Where Conficker had successfully created a botnet of over 6.5 million PCs, this new adaptation has a very similar network and attacks similar to its predecessor.



To find out if a computer is infected:
1) Locate sqlsodbc.chm in the Windows system folder (by default under Windows XP, the location is C:\Windows\System32);

2) Obtain the Sha1 of the installed sqlsodbc.chm. FileAlyzer is a free tool that can be used to obtain the SHA1 of a file;

3) Compare the obtained Sha1 to the list located on the ScanSafe STAT Blog;

4) If the SHA1 and corresponding file size do not match with a pair on the reference list, it could be an indication of a Gumblar infection.
The most effective way to remedy an infection is to do a full reformat and reinstallation, according to ScanSafe. Passwords or login details that were stored or used on infected machines should also be changed.


So we now have a chronological order: Conficker seems to have stopped or limited its network injecting, and almost a few hours later the Gumblar virus began working and attacking.


Prabhat K Singh, senior director, McAfee Avert Lab (JPAC), said "whatever it (Conficker worm) had to do it has already done. It has been quite successful in creating a bot network. It has not re-emerged or we are seeing any patterns of it re-emerging in the future."

The attacks of Conficker or Downadup, which is a malicious software program, increased in the middle of April after fears that the worm would be activated on April 1 proved wrong.

According to security experts in India, the Conficker is now quietly turning thousands of personal computers into servers of e-mail spam and installing spyware. Experts have cautioned the enterprises that it is the right time to install patches now to avoid the consequences. (ciol)


It is also interesting to note that President Obama announced a new cyber security division; you can view the video in the related link (washingtonpost).

There is a lot of chatter going on to and from various divisions, and there is a serious alert being issued to major network security officials in extremely sensitive areas.

So hold on to your firewalls, as this is going to get interesting in the not too distant future.



news.cnet.com
(visit the link for the full news article)
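
The four-step sqlsodbc.chm check quoted in the post above, as an added Python example (not code from the article, ScanSafe or any poster). The `sha1,size` reference-list layout and the sample files are constructed assumptions; the real pairs are the ones on the ScanSafe STAT Blog list the post mentions.

```python
import hashlib
import os
import tempfile


def sha1_and_size(path, chunk_size=65536):
    """Return (lowercase SHA-1 hex, size in bytes), reading the file in chunks."""
    digest, size = hashlib.sha1(), 0
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
            size += len(chunk)
    return digest.hexdigest(), size


def parse_reference(text):
    """Parse 'sha1,size' lines (assumed layout) into a set of (sha1, size) pairs."""
    pairs = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        sha1, size = (field.strip() for field in line.split(","))
        raw = bytes.fromhex(sha1)  # raises ValueError on non-hex input
        if len(raw) != 20:
            raise ValueError("not a SHA-1 digest: " + sha1)
        pairs.add((raw.hex(), int(size)))  # normalise to lowercase hex
    return pairs


def check_file(path, known_good):
    """Return 'missing', 'match' or 'mismatch' for the file at path."""
    if not os.path.isfile(path):
        return "missing"
    return "match" if sha1_and_size(path) in known_good else "mismatch"


def demo():
    """Run the check on constructed stand-in files; returns three verdicts."""
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "sqlsodbc.chm")
        with open(target, "wb") as handle:
            handle.write(b"constructed stand-in for a clean help file")
        sha1, size = sha1_and_size(target)
        known_good = parse_reference(f"# constructed list\n{sha1.upper()},{size}\n")
        clean = check_file(target, known_good)
        with open(target, "ab") as handle:
            handle.write(b"!")  # simulate the file having been replaced
        changed = check_file(target, known_good)
        absent = check_file(os.path.join(tmp, "absent.chm"), known_good)
    return clean, changed, absent
```

As in step 4, a `mismatch` is only an indication that warrants follow-up, since the reference list may not cover every legitimate build of the file.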



posted on Jun, 2 2009 @ 03:33 PM
I am not sure if this is related, but I noticed my PC was working overtime for the last month or so, running network services all the time. I did a little digging and found my router's firewall had been compromised. Something did a password override and opened port 28577 on two computers on the network. I did some research and found only that that port is unregistered and something unknown was running in the background. I disabled the port and the network traffic stopped. Check your routers.



posted on Jun, 2 2009 @ 04:21 PM
reply to post by timewalker
 


Indeed, keep in mind, as I mentioned above, about 6.5 million PCs are infected and the owners have no idea that this is happening.



