US-CERT alerts on Gumblar, Martuz drive-by download exploits

US-CERT alerts on Gumblar, Martuz drive-by download exploits

Tags:   Gumblar  Martuz  Symantec  US-cert  web threats

By Robert Westervelt | May 20, 2009

Security researchers are warning of the latest malware exploits that seize on website flaws in an attempt to inject malicious JavaScript code and ultimately spread malware to unsuspecting visitors.

The malware exploit, called Gumblar, has been spreading onto websites through stolen FTP credentials, vulnerable Web applications and poor configuration settings, according to an advisory issued by the US Computer Emergency Response Team (US-CERT).

Visitors to corrupted websites who haven't applied updates to various Web applications, including Flash Player and Adobe Reader, could become victims to a drive-by malware download.

"This malware may be used by attackers to monitor network traffic and obtain sensitive information," the US-CERT said in its advisory.

The attacks are not new, but researchers are trying to figure out exactly how so many websites became infected by the flaw, said John Harrison, group product manager for Symantec Security Response. Harrison said statistics from the Norton Community Watch, a program that collects security and application data from Norton antivirus users, logged about 10,000 attacks from the malicious Gumblar domain.

"From our perspective, there's been so many of these that it is really just another new one in a long line of ones," Harrison said. "Considering the number of attacks we saw and the number of different websites infected, this is somewhat small in comparison."

Symantec and other security vendors have been successfully blocking malware that attempts to exploit known Web application vulnerabilities. Security researchers have also detected most of the China-based Gumblar domains and have gotten them shut down to protect websites from falling victim, but according to Symantec, those behind the attack have recently switched domains to Martuz, malicious domains based in the UK.

"Drive-by downloads form mainstream websites are the number one way that consumers and users are being infected today," Harrison said. "It's easy for an attacker and unfortunately a lucrative way to try and get malware to do things on a website or to try and rig some of the advertising schemes that are out there."

 
 
12

Similar

Related Articles

Add comment

Post a Comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <img /> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <embed> <object> <strike> <caption>
  • Lines and paragraphs break automatically.
  • Use <!--pagebreak--> to create page breaks.

More information about formatting options

 

Similar

Related Articles

knowledge_central_tab

 
 
Knowledge Central
Today's top security priorities
Attacks based on vulnerabilities in websites are skyrocketing, and not many solutions are available to protect organizations against them. How do you deal with this and other key security issues today?
Taking a holistic business-centric approach to security
Today’s CIOs face multiple challenges, including the need to innovate in an extremely competitive business climate, address highly dynamic regulatory and compliance challenges, speed ROI to counter shrinking IT budgets, and secure their organizations against a wide barrage of sophisticated threats.
 
 
 
UTM product offers Logansport Savings Bank superior protection
Astaro Security Gateway’s IPS was able to block attacks that other intrusion prevention systems (IPS) missed at Logansport Savings Bank.
Hong Leong Financial opts for Juniper Networks at new Malaysia head office, data center
Hong Leong Financial Group Berhad builds complete and seamless data center and office network infrastructure with Juniper switches, security devices and Junos software.
 
 
 

Recent popular content

Most Read
Using Scapy to test Snort IDS
Cybercriminals target healthcare records
PCI tokenization on the rise
Microsoft addresses Windows and Office vulnerabilities
Top 10 tips for protecting sensitive data from malicious insiders

Site map
Search Security Asia
About Us
Print/Digital Subscription
Sales
Feedback
Security Tips
Expert Opinions
Research
White Papers
Case Studies

Blogs
Topics
Application security
Disaster recovery and business continuity
Identity management and access control
Information security careers, training and certifications
Topics
Network and Internet Security
Security best practices
Security threats
Surveillance and facilities management
Media
Videos
Podcasts
Webcasts
News
RSS