Sunday, July 5, 2009

Virus Threat Alert - Gumblar

Gumblar Attack Targets Internet Explorer and Google Search Engine Users - Severity: HIGH

What is it?

Gumblar is another multi-faceted, ninja-quiet website attack.
Gumblar is named after the Gumblar.cn exploit, which so far targets users of Internet Explorer and Google search, delivering malware through compromised sites that infects a user's PC and subsequently intercepts traffic between the user and the visited sites. This means that once infected, anything the victim types could be monitored and used to commit identity theft, such as stealing credit card numbers, Web passwords or other sensitive data. Visitors encountering the compromised website also risk having their subsequent search results replaced with links that point to other malicious websites. The malware can also steal FTP credentials from the victim's computer and use them to infect more sites, thus increasing the spread of this threat. So far, more than 3,000 websites have been attacked including Tennis.com, Variety.com and Coldwellbanker.com.

Who is at risk?
Users of Internet Explorer and Google's search engine.

Virus Threat Alert - Nine Ball

What is it?

Nine Ball is a multi-layered Web browser attack targeting legitimate Web sites to redirect users to malicious sites owned by the attacker. The downloaded malware attempts to infect the user's computer through a number of exploits, including ones for Adobe Reader, QuickTime, Microsoft Data Access Components (MDAC) and AOL SuperBuddy.

The attack name "Nine Ball" refers to the name of the final landing page, which is full of malicious drive-by exploits that are automatically downloaded to computers without the user's consent or knowledge. Once infected, anything the victim types could be monitored and used to commit identity theft, such as stealing credit card numbers, passwords or other sensitive data.

How does the threat work?
  1. The victim visits a legitimate site that has been infected.
  2. The victim is redirected to a series of different sites owned by the attacker.
  3. The final redirect is to a malicious drive-by download site, which attempts to download malware to the victim's computer through a number of exploits, including those for MDAC, AOL SuperBuddy, Adobe Reader, and QuickTime.
  4. The malicious programs typically attempt to steal information from the victim via a keystroke logger.
  5. A user who has already visited the malicious web page is, on repeat visits, redirected to the search engine site Ask.com instead. We assume this design is a technique to evade investigation.
Associated effects and implications of the attack:
  • Over 40,000 legitimate web sites have been compromised.
  • Multi-level redirection attack: victims are redirected to a series of different sites owned by the attacker. The final site contains the malicious drive-by download and records visitors' IP addresses.
  • Detection by antivirus/antispyware programs is very low because the attack uses random number generation to determine which malware to download, avoiding an obvious pattern that signature-based antivirus systems could pick up.
  • The malicious programs typically attempt to steal information from the victim via a keystroke logger. This information could potentially be used for financial or identity theft.
Are there other variants of this vulnerability/threat?
Yes, in the sense that the malware downloaded at the final redirect site varies. It appears that, among other malware, a Waledac variant is delivered at the final redirect URL.
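As an added example, not part of the original alert, the following Python reconstructs redirect chains from proxy log lines and flags the two Nine Ball behaviours described above: a chain of several hops across distinct attacker-owned domains that ends on a landing page, and a repeat visit from the same client that is sent to a search engine instead. The log format, all host names, and the two-label "registered domain" rule are assumptions made for this example; Ask.com is the search engine the alert names.

```python
"""Added example: rebuild HTTP redirect chains from constructed proxy logs and
classify them. The log format, host names, and the rule that a registered
domain is the last two labels of a hostname are all assumptions."""
from urllib.parse import urlparse

SEARCH_ENGINES = {"ask.com"}   # landing site for repeat visitors, per the alert

# Constructed proxy log: "client_ip status url [location]", in time order.
SAMPLE_LOG = """\
10.0.0.5 200 http://news.example-legit.com/story.html
10.0.0.5 302 http://news.example-legit.com/ads.js http://hop1.example-bad.net/go
10.0.0.5 302 http://hop1.example-bad.net/go http://hop2.example-bad.org/in.cgi
10.0.0.5 302 http://hop2.example-bad.org/in.cgi http://land.example-bad.biz/index.php
10.0.0.5 200 http://land.example-bad.biz/index.php
10.0.0.5 302 http://news.example-legit.com/ads.js http://www.ask.com/
10.0.0.5 200 http://www.ask.com/
10.0.0.9 302 http://shop.example-legit.com/cart http://shop.example-legit.com/login
10.0.0.9 200 http://shop.example-legit.com/login
"""

def domain(url):
    """Simplified registered domain: last two labels (wrong for e.g. .co.uk)."""
    return ".".join(urlparse(url).hostname.split(".")[-2:])

def build_chains(log):
    """Return [(client_ip, [url, ...])] for each chain that begins with a 3xx."""
    chains, pending = [], {}
    for line in log.splitlines():
        parts = line.split()
        ip, status, url = parts[0], parts[1], parts[2]
        loc = parts[3] if len(parts) > 3 else None
        chain = pending.get(ip)
        if chain is not None and chain[-1] == url:   # request continues the chain
            if status.startswith("3"):
                chain.append(loc)
            else:                                     # landed: chain is complete
                chains.append((ip, pending.pop(ip)))
        elif status.startswith("3"):                  # a new chain starts here
            pending[ip] = [url, loc]
    chains.extend(pending.items())                    # targets that were never fetched
    return chains

def classify(chains):
    """One verdict per chain; remembers (client, entry domain) of flagged chains."""
    verdicts, seen_entry = [], set()
    for ip, urls in chains:
        hops = list(dict.fromkeys(domain(u) for u in urls))   # distinct, in order
        if hops[-1] in SEARCH_ENGINES and (ip, hops[0]) in seen_entry:
            verdicts.append("cloaking-repeat-visitor")   # step 5 of the alert
        elif len(hops) >= 3:
            verdicts.append("multi-domain-driveby")      # steps 2 and 3
            seen_entry.add((ip, hops[0]))
        else:
            verdicts.append("benign")                    # same-site redirect
    return verdicts
```

A chain that never reaches a non-3xx response is still returned by build_chains, so a blocked final download is not silently dropped.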

Tuesday, June 30, 2009

AntivirusKiller - What is Spyware?

Spyware refers to computer programs that are installed, usually without the computer user's knowledge, and gather information about how the computer is being used and the websites the user visits.

The simplest and most insidious form of spyware is the so-called “cookie”, although not all cookies are bad. These tiny pieces of computer code are loaded into your browser when you visit a site. They are usually required to let you log in to an ecommerce site, such as Amazon, or a social networking site like Facebook. They are a necessary evil in such cases: without them, login would not necessarily work, but they also allow the owners of various sites to track your browsing on that site.

At worst, however, a cookie might be planted by a less than ethical site that traces your activity across different sites. Modern browsers have built-in controls that let you decide which sites can set cookies. They also let you automatically delete cookies when you close your browser, retaining the ones you need on an ad hoc basis.

Spyware, however, is more than crumbling cookies. When the term was first coined in the 1990s, it usually referred to a small program that was installed on your computer alongside another program, such as a freeware or shareware drawing package, text editor, or other application.

Examples of programs that contain spyware include: Bonzi Buddy, Dope Wars, EDonkey2000, Grokster, Kazaa, Morpheus, RadLight, Sony’s Extended Copy Protection, WeatherBug, WildTangent, and SpyEagle. This is not a current or comprehensive list and many of these programs are no longer widely used.

These hidden programs can run in the background when you start your computer and send all kinds of information about your computer activity to a central server owned by the spyware creator.

Initially, such spyware may have been undesirable, but it was not necessarily malicious; it was usually used simply to gather information about consumer behavior and so produce more targeted advertising campaigns. However, the line between spyware and malicious software (malware) has become very blurred, and malware is now commonly used by criminals to steal private information, such as bank details and logins, rather than simply spying on the websites you visit.

Indeed, malware of this kind can not only steal your personal and private data but can also surreptitiously manipulate your computer, often without you even knowing anything is wrong. It might, for instance, install additional software or redirect your web searches to specific sites. Spyware/malware often changes computer settings, which can slow your connection speed, change your browser home page or add new and unwanted bookmarks to your favorites list. Occasionally, your computer may accumulate so much of this software that you lose Internet connectivity or functionality altogether. Rather than refer generically to spyware or malware, the term privacy-invasive software was coined.

As with most threats, there are now companies and organizations that have emerged to respond to the threat and address the problem. Anti-spyware software is now available, including the recommended Spybot (don’t be put off by the old-fashioned website, this is a powerful tool), Ad-Aware (don’t be put off by the cheesy photos and marketspeak, this is also a powerful tool), and Microsoft’s Malicious Software Removal Tool (this time, don’t be put off by the fact that it’s a Microsoft freebie, for once they got something right with this application). Oh, there’s also SuperAntiSpyware, which sounds pathetically naff, but is very powerful.

Keenly priced security suites from Zone Labs, McAfee, and AVG represent good value as they provide antispyware, firewall, and antivirus all in one package. My only reservation about recommending a suite rather than three distinct products, one per category, is that if the suite is compromised by malicious software, all your security is disabled at the same time. Three distinct products for firewall, antivirus, and antispyware have the potential to keep you protected on two fronts even if the third is breached, and you may have time to reinstall and get re-protected before serious harm is done.

Many antispyware tools are free for personal use. But be warned: unknown popup windows that appear on your computer are usually themselves spyware and entice you to run checks and download antispyware tools. Do not click them; your computer will be infected with something worse still. With some of these popups, clicking the X to close the box may trigger a cascade of infection events.

The following is a list of “products” that claim to protect and serve, but are themselves malware. DO NOT INSTALL any of these, no matter how credible the advertising, popup box or whatever else suggests you do may seem.

Sunday, June 28, 2009

AntivirusKiller - Understand Computer Viruses

A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have this reproductive ability. A true virus can only spread from one computer to another (in some form of executable code, usually with a file extension of .exe) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, compact disc, DVD, or USB thumb drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.

The term "computer virus" is sometimes used as a catch-all phrase to include all types of malware. Malware includes true computer viruses as well as worms, Trojan horses, most rootkits, spyware, dishonest adware, crimeware, and other malicious and unwanted software. Viruses are sometimes confused with computer worms and Trojan horses, which are technically different.

A worm can exploit security vulnerabilities to spread itself to other computers without needing to be transferred as part of a host, and a Trojan horse is a program that appears harmless but has a hidden agenda. Worms and Trojans, like viruses, may harm a computer system's hosted data, functional performance, or networking throughput when they are executed.

Some viruses and other malware have symptoms noticeable to the computer user, but many are surreptitious. Most personal computers are now connected to the Internet and to local area networks, facilitating the spread of malicious code. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, instant messaging, and file-sharing systems to spread.

Check us out for more articles and updates about viruses and antivirus news.