Gumblar attack

by Selva 2009-05-27 10:50:51

Gumblar attack - started from this March is spreading over speedly and attacking from PC's to Websites.This scrap will let you to know about the Gumblar attack .

This attack is know to be started from the domain gumblar.cn ( now it is spreaded to many websites).When you vist such a attacked website,the harm code in that website will read password informations stored in your PC (such as FTP password infromation used in Filezilla ),and send it to the hacker.The hacker can use the infromation(FTP password) fetched from your PC and login into you website and put harm code into your site,so that you site also become as a vulnerable site and does read FTP information from the PC's of your site vistors and send it to the hacker .

Now these kinds of sites are detected by google and blocked from viewing in browsers such as Firefox,so when your site is attacked with Gumblar you will get warrings like Reported To Be Attacked in your site instead of site display.

To Retrive/Prevent your site from Gumblar attack :

1)Clean up the files : Delete unwanted files or harm files found in your site,and put fresh files from your backup
2)Change your FTP password (select strong passwords)
3)Dont store password information in FTP clients (like using quickconnect options found in Filezilla) and dont use browsers for FTP connetions
4)Make sure that the machine you use for FTP uploads is clean(must not contain any malwares) and is not used for browsing harmfull sites
5)Request Google and Firefox to de-list your site from the vulnerable site list maintaned by them ( for this click here)

6) If possible request your server or hosting provider to implement SFTP [ FTP over SSH ] and use SFTP to upload connect to server and upload files


Note:
Some related links :
http://www.webhostingtalk.com/showthread.php?t=864208
http://news.cnet.com/8301-1009_3-10244529-83.html
http://www.danielansari.com/wordpress/2009/05/automatic-removal-of-gumblarmartuz-trojan/

Tagged in:

2756
like
0
dislike
0
mail
flag

You must LOGIN to add comments