[AzTechNotes] Web Hosting FTP virus warning - GUMBLAR

Attn: Aztech Hosting Clients and AztechNotes Subscribers,
Firstly, apologies if you receive this email twice because you are on both lists but I thought it worth making sure everyone receives this virus warning.
It has been quite some time since we have seen a security alert that is worth passing on; however, there is growing concern in the security field regarding a virus commonly known as "Gumblar".  The virus is named after the original Chinese domain name (gumblar .cn) that hosted the malicious code, but this site has since been closed and an alternative domain has been established.
The virus has been in the wild for a couple of months, but the simple nature of the virus means that it is still propagating across unprotected PCs.  The virus gets onto a PC by installing malicious software (malware) when the user visits an infected website. The malware will then search the PC for stored FTP usernames and passwords for your website.  Once it has the username and password, it will update the pages on your website to host the virus so that it can infect other users that access your website.
Protection from the virus is quite simple and only requires you to have the following:
 - Run a good anti-virus package and make sure it is fully updated.
 - If you use Adobe Reader, make sure it is updated to the latest version (this is one of the programs it exploits)
 - Run a malware check on your PC (see http://www.malwarebytes.org/mbam.php for a good example to use)
 - Change your password on your hosting (FTP) account (just in case!) and don't save it in your FTP program.
Here are a few articles giving further details for those that want to know more:
For any Aztech Networks hosting customers, if you think your website may have been infected then please check your PC for viruses / malware and change your hosting account password immediately.  We will do our best to regularly try and identify if your site gets infected but the new versions of the virus scripts are very hard to identify from legitimate scripts so we may be unable to detect them.



For Official Aztech Networks Support - email to support@aztech.net.au
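
The notice says newer versions of the injected scripts are hard to tell apart from legitimate ones. One check that does not depend on recognising the script is to compare a known-good local copy of the site with a copy downloaded from the hosting account. The following is an added example, not part of the original Aztech notice; the directory layout, the list of file extensions and the function names are assumptions.

```python
import hashlib
import os
import tempfile

WEB_EXTENSIONS = {".html", ".htm", ".php", ".js"}  # assumed page/script types

def build_manifest(root):
    """Map each web file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in WEB_EXTENSIONS:
                continue
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return manifest

def compare_site(known_good_dir, downloaded_dir):
    """Report files that differ between the clean copy and the server copy."""
    good = build_manifest(known_good_dir)
    live = build_manifest(downloaded_dir)
    return {
        "modified": sorted(p for p in good if p in live and good[p] != live[p]),
        "added": sorted(p for p in live if p not in good),
        "missing": sorted(p for p in good if p not in live),
    }

def demo():
    """Constructed sample: a clean two-page site and a tampered server copy."""
    with tempfile.TemporaryDirectory() as good, tempfile.TemporaryDirectory() as live:
        for root in (good, live):
            os.makedirs(os.path.join(root, "js"))
            with open(os.path.join(root, "index.html"), "w") as fh:
                fh.write("<html><body>Welcome</body></html>\n")
            with open(os.path.join(root, "js", "menu.js"), "w") as fh:
                fh.write("function menu() {}\n")
        # Constructed tampering: extra markup appended to a page, plus a new file.
        with open(os.path.join(live, "index.html"), "a") as fh:
            fh.write("<!-- constructed: unexpected appended content -->\n")
        with open(os.path.join(live, "js", "extra.js"), "w") as fh:
            fh.write("// constructed: file not present in the clean copy\n")
        return compare_site(good, live)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Any path reported as modified or added that you did not change yourself is a page to inspect and restore from the clean copy after the FTP password has been changed.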
