Thought the Conficker Virus Was Bad? Gumblar Is Even Worse.
If you thought Conficker was bad, meet Gumblar. If malware programs were comic book villains, Conficker would be Kingpin -- evil for sure, but really just a big bully. Gumblar on the other hand would be Galactus -- massive, all-powerful, evil, and extremely difficult to defeat.
ScanSafe, a computer security firm, has been tracking the progress of the worm since its arrival on the scene in March, according to CNET. Originally, the attack spread through infectious code that was planted in hacked Web sites and then downloaded malware from the gumblar.cn domain onto victims' computers. But that was just the opening salvo. As Web site operators cleaned their pages of the code, Gumblar replaced the original material with dynamically generated JavaScript (Web site code that is created on the spot instead of being completely determined beforehand -- a key element of Web apps like Gmail) that is much harder for security software to detect and remove.
The evolved version also went about adding new domains to the list of sources for downloading its malware payload, including liteautotop.cn and autobestwestern.cn, and began exploiting security holes in Flash and Adobe Reader. The worm also searches out credentials for FTP servers (a method for uploading files to a Web site) on a victim's computer, using them to infect additional Web sites.
It's not clear how many sites Gumblar has infected, but security firms seem to agree that it accounts for about 40 percent of all new malware infections right now. According to ScanSafe, in just the first two weeks of May over 3,000 Web sites were compromised and spreading the worm. Most sites have been quick to clean up the infections as best they can, but, even if all the infected pages were removed, Gumblar would still have an army of infected PCs (a botnet) to inflict further damage. Already infected PCs could be used to hijack even more Web sites, by searching out logon information for Web servers and uploading their malicious payload. Compromised PCs can also be instructed to install Trojans that steal data and passwords.
The danger posed by Gumblar is so great that ScanSafe suggests a full reformat and reinstallation of Windows to clean out an infection. It also suggests changing all of your passwords and usernames after securing your PC.
Detecting an infection is complex, and not foolproof. According to ScanSafe, the best way to find out if your PC has been hijacked by Gumblar is to follow CNET's well-laid-out steps:
2) Obtain the SHA-1 of the installed sqlsodbc.chm using FileAlyzer, a free tool for obtaining the SHA-1 of a file. If you've never heard of SHA-1 before, don't panic. It's a sort of automatically generated digital identifier for files, produced by an algorithm designed by the NSA, and used by security applications to confirm that a file is what it is supposed to be.
3) Compare the obtained SHA-1 code and the file's size to the list located on the ScanSafe STAT Blog.
4) If the SHA-1 and corresponding file size do not match a pair on the reference list, it's a potential sign of a Gumblar infection.
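The comparison in steps 2 to 4, as an added example (not code from CNET or ScanSafe): it computes a file's SHA-1 and size and checks the pair against a reference list. The "sha1 size" list format, the function names and the stand-in file contents are assumptions constructed for illustration; the real known-good pairs are on the ScanSafe STAT Blog.

```python
import hashlib
import os
import string
import tempfile

def parse_reference(text):
    """Parse 'sha1 size' lines (assumed format) into a set of (sha1, size) pairs."""
    pairs = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # allow comments and blank lines
        if not line:
            continue
        digest, size = line.split()
        if len(digest) != 40 or not all(c in string.hexdigits for c in digest):
            raise ValueError("not a SHA-1 hex digest: " + digest)
        pairs.add((digest.lower(), int(size)))
    return pairs

def sha1_and_size(path, chunk=65536):
    """Hash the file in chunks so large files are not read into memory at once."""
    h, size = hashlib.sha1(), 0
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
            size += len(block)
    return h.hexdigest(), size

def check_file(path, known_pairs):
    """'match', 'mismatch' (a potential sign of infection, per step 4) or 'missing'."""
    if not os.path.isfile(path):
        return "missing"
    return "match" if sha1_and_size(path) in known_pairs else "mismatch"

def demo():
    """Runs the check on constructed stand-in files, not on real reference data."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sqlsodbc.chm")
        with open(path, "wb") as f:
            f.write(b"A" * 1000)               # stand-in for the original file
        digest, size = sha1_and_size(path)
        known = parse_reference("# constructed list\n%s %d\n" % (digest.upper(), size))
        before = check_file(path, known)
        with open(path, "wb") as f:
            f.write(b"B" * 1000)               # same size, different content
        after = check_file(path, known)
        return before, after, check_file(path + ".absent", known)

if __name__ == "__main__":
    print(demo())
```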
If you're still not sure if you're safe from Gumblar, or the method for detection has left you staring at the screen slack-jawed and scratching your head, then now might be the time to get on the phone with that tech-savvy cousin of yours and have him check it out. [From: CNET]
Weirdest Techie Heists and Scams
Elderly Amish Man Caught on Film With Prostitute, Blackmailed
When a 75-year-old Amish widower slept with a prostitute, he -- we feel certain -- felt pretty bad about it the next morning. As if that guilt weren't enough for the old man, the prostitute and her boyfriend demanded $67,000 from him, claiming that they had filmed the scene with wall-mounted cameras and would upload the recording to the Internet. The pair was later arrested and, we can only imagine, the Amish man abhorred technology more than ever.
Bank Robber Gets Away With the Help of Craigslist
In October, a bank robber -- wearing a safety vest, blue shirt, face mask and goggles -- eluded police with the help of Craigslist. Just outside the bank, while the robbery was in progress, stood a group of men who were responding to a Craigslist day labor opportunity. As the advertisement required, they were all wearing safety vests, blue shirts, face masks and goggles.
Nude New Zealander Arrested After Responding to Fake Sexy Text Message
Late in 2007, a Wellington, New Zealand man received a racy text message from two anonymous "ladies," giving him only an address and a request that he show up naked. Well, he indeed showed up naked... at the home of one appalled, unsuspecting New Zealander. Both the nude Romeo and the sadistic texter were arrested, though neither was prosecuted.
Fake Craigslist Ad Costs Man Most of What He Owns
Last spring, a post appeared on an Oregon Craigslist board stating that the owner of a specific house was leaving all of his worldly possessions (still in said house) to whoever wanted them. When homeowner Robert Salisbury rushed home -- on a tip from a woman suspicious about the offer of a free horse -- he found his house being ransacked by 30 strangers. We suggest he take that horse and collect some vengeance Clint Eastwood-style.
17-Year-Old Jailed for Stealing Virtual 'Furniture'
When a 17-year-old Dutch boy hacked into several accounts on the Second Life-style site 'Habbo' in 2007, the law got involved. The boy was discovered to have stolen $5,800 worth of virtual furniture and knick-knacks. Apparently, crime -- whether actual or virtual -- does not pay.
Phishers Going After Your Phones in New 'Vishing' Trend
Over the past year, sneaky spammers have begun to forsake the worn-out territory of e-mail in favor of cell phones' fertile frontier. The result? "Vishing." Get it? Voice mail + phishing. It might be more ominous if it didn't sound like a James Bond villain saying, "Wishing."
Burglars Break Into Restaurant, Steal HDTV, Leave Money / Food Behind
Around Halloween of last year, a truckload of thieves drove into -- that's right, into -- a Pennsylvania Mexican restaurant, where they -- apparently uninterested in the cash register -- stole a mid-grade 47-inch HDTV and fled the scene. We've all heard about how this generation is lacking in ambition, but this generation's thieves, too?



Reader Comments (Page 1 of 3)
Bryan said 8:53AM on 6-02-2009
"Thought" the conficker virus was bad?
uncle buck said 7:27AM on 6-03-2009
PRESIDENT OBAMA is announcing his new appointment to combat "cyber terrorism", something which could cripple our ability to function as a society. Sadly, look at the money, time, and effort to find "weapons of mass destruction" which never existed -- a fake threat from a phoney "leader". WELCOME BACK TO REALITY, AMERICA!!
allenjimi said 8:00AM on 6-03-2009
get over it white boy!!!!!!!!!!1
Bob said 8:37AM on 6-03-2009
You are the dumbest, stupidest jerk I've read in a while. Ol' lop eared crooked senator now in the white house is your friend, huh? One day his stupidness will catch up to him & his crooked cronies! He's making changes alright! America is losing out as #1. Your country is going down you losers! We've lost all trust in you people! Follow the Romans to self destruction, you are as sheep going to the slaughter!
spradera said 1:20PM on 6-03-2009
I'm afraid that the day will come that all the George Bush naysayers will soon have to refer to him as "King George" after America really learns how he kept us safe from terroristic horrors. We are not privy to a lot of the intelligence that cannot be shared. Unfortunately, the media, the political figures, and self promoting personalities capitalize off this fictitious platform to advance their own agendas. False accusations can always appear to be real and factual when they are not able to be refuted with intelligible cross-examination--Just be careful, my friend; just be careful!
Stan said 1:25PM on 6-03-2009
Now that gives me a real warm and fuzzy feeling, knowing that King Barack is on the job, defending me.
john said 8:02AM on 6-03-2009
I just went to download FileAlyzer and my Trend Micro PC-cillin said it was dangerous. Probably because .EXE files can be dangerous to download. Just thought I'd pass this on.
crvtt4mw said 8:06AM on 6-03-2009
Thanks for the information. It was very helpful and useful. It was simple to follow and do.
cwolves4 said 5:10PM on 6-06-2009
I use Vista & am having trouble locating that file, what system are you running?
I've already downloaded the program, just need to find where I go next. Thanks so much for any help you can give me.
Debbie
joshuajfenn said 8:23AM on 6-03-2009
Do anti-virus and malware blockers not detect and/or block??
vsel3 said 8:43AM on 6-03-2009
Viruses generate billions in revenue, cause we run out and buy the latest up. I have never heard of a virus creator being caught, or traced down. Have any of you? It seems viruses only work well with Windows and Microsoft. mo money, mo money Bill. That is why you are rich. Cause we are stupid
bahuch1980 said 9:14AM on 6-03-2009
I just checked mine and it matches THANK GOD! And I'm not even all that computer savvy. It's not too bad if you just follow the article to a tee.
RMM said 9:26AM on 6-03-2009
ON THIS VERY COMMENT PAGE A PERSON WITH A SIGN IN NAME OF NAMARRKO PUT A WEB SITE OF ANGELINA JOLIE SEX TAPES, IF YOU CLICK ON IT, IT COULD GIVE YOU A VIRUS. I'VE REPORTED IT TO THE WEB MASTER, I HOPE THEY CHECK IT OUT, AND NOT LET PEOPLE POST THEM ANYMORE. BE CAREFUL.....
reasonw said 11:03AM on 6-04-2009
what do you know, just like in real life she can infect too, hahahaha
Chaz said 10:23AM on 6-03-2009
If they are caught, it is simple. Put them away for 25 TO 30 YEARS. THESE HACKERS HAVE TO LEARN RESPECT. DON'T MESS AROUND WITH THESE MORONIC TERRORISTS.
Chaz said 10:28AM on 6-03-2009
Does anything ever happen to these virus hackers? When caught, do they ever get punished? The courts are going to have to really lean hard on these hackers, teach others a lesson.
jim said 12:44PM on 6-03-2009
Yes some of them move on to high paid jobs as IT Security experts!
Jerry Dennis said 9:00AM on 6-04-2009
Yes, believe it or not, they do get punished, IF they get caught. They usually get a slap on the wrist and then a job with a big computer security firm. What really surprises me is how incompetent these security companies (who sometimes get government contracts to "protect" sensitive files) really are. The medical community managed to trace AIDS to the specific individual in Africa who had sex with a monkey, contracted AIDS and proceeded to spread it, eventually around the world. If that's possible, why can't these "experts" find out who's writing these malware and virus programs and BREAK THEIR FINGERS? It's like being a victim of identity theft. If my identity is stolen, I catch the guy and kill him, did I commit suicide?
crvtt4mw said 10:47AM on 6-03-2009
cwolves4...........................Did you download the FileAlyzer?
Arthur said 10:48AM on 6-03-2009
I heard about this one the other day. Sounds like another headache.
http://www.starreviews.com/blog/StarArthur/2009_06/Gumblar-More-Intrusive-than-Conficker.aspx