
From Wikipedia, the free encyclopedia

Gumblar is a malicious JavaScript trojan horse file that redirects a user's Google searches and then installs rogue security software. Also known as Troj/JSRedir-R,[1] this botnet first appeared in 2009.


Infection

Windows Personal Computers

Gumblar.X infections were widely seen on systems running newer MacOS operating systems.[2] Visitors to an infected site will be redirected to an alternative site containing further malware. Initially, this alternative site was gumblar.cn, but it has since switched to a variety of domains. The site sends the visitor an infected PDF that is opened by the visitor's browser or Acrobat Reader. The PDF will then exploit a known vulnerability in Acrobat to gain access to the user's computer. Newer variations of Gumblar redirect users to sites running fake anti-virus software.

The virus will find FTP clients such as FileZilla and Dreamweaver and download the clients' stored passwords. Gumblar also enables promiscuous mode on the network card, allowing it to sniff local network traffic for FTP details. It is one of the first viruses to incorporate an automated packet analyzer.

Servers

Using passwords obtained from site admins, the host site will access a website via FTP and infect that website. It will download large portions of the website and inject malicious code into the website's files before uploading the files back onto the server. The code is inserted in any file that contains a <body> tag, such as HTML, PHP, JavaScript, ASP and ASPx files. The inserted PHP code contains base64-encoded JavaScript that will infect computers that execute the code. In addition, some pages may have inline frames inserted into them. Typically, iframe code contains hidden links to malicious websites.

The virus will also modify .htaccess and HOSTS files, and create images.php files in directories named 'images'. The infection is not a server-wide exploit. It will only infect sites on the server that it has passwords to.
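
The server-side indicators described in this section (hidden inline frames, base64-encoded payloads in PHP, and images.php files in directories named 'images') can be checked for on a copy of a web root. The Python scanner below is an added example, not part of the original article or of any vendor tool; the regular expressions and the names scan_webroot, build_sample and demo are assumptions chosen for illustration, and the sample site is constructed.

```python
import re
import tempfile
from pathlib import Path

WEB_EXTS = {".html", ".htm", ".php", ".js", ".asp", ".aspx"}
# Heuristic patterns (assumptions for this example, not Gumblar signatures).
HIDDEN_IFRAME = re.compile(
    r"<iframe\b[^>]*(?:(?:width|height)\s*=\s*[\"']?[01]\b|display\s*:\s*none|visibility\s*:\s*hidden)", re.I)
ENCODED_EVAL = re.compile(r"eval\s*\(\s*base64_decode\s*\(", re.I)

def scan_webroot(root):
    """Return sorted (relative_path, reason) pairs for files needing review."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        # The article notes images.php files created in 'images' directories.
        if path.name.lower() == "images.php" and path.parent.name.lower() == "images":
            findings.append((rel, "images.php in images directory"))
        if path.suffix.lower() not in WEB_EXTS:
            continue
        text = path.read_text(errors="replace")
        if HIDDEN_IFRAME.search(text):
            findings.append((rel, "hidden iframe"))
        if ENCODED_EVAL.search(text):
            findings.append((rel, "eval of base64-decoded data"))
    return sorted(findings)

def build_sample(root):
    """Write a constructed, harmless sample site under root."""
    root = Path(root)
    (root / "images").mkdir(parents=True)
    (root / "index.html").write_text("<html><body><h1>Shop</h1></body></html>")
    (root / "about.html").write_text(
        '<html><body><iframe src="http://placeholder.invalid/" width="1" height="1">'
        "</iframe></body></html>")
    (root / "contact.php").write_text(
        "<?php eval(base64_decode('ZWNobyAxOw==')); ?><body>Contact</body>")
    (root / "images" / "images.php").write_text("<?php /* placeholder */ ?>")

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        return scan_webroot(tmp)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

Matches are leads for manual review rather than proof of infection. Changes to .htaccess and HOSTS files are better caught by comparing against a known-good baseline.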

Gumblar variants

Different companies use different names for Gumblar and its variants. Initially, the malware connected to the gumblar.cn domain, but this server was shut down in May 2009.[3] However, many badware variants have emerged since then, and they connect to other malicious servers via iframe code.

Gumblar resurfaced in January 2010, stealing FTP usernames and passwords and infecting HTML, PHP and JavaScript files on web servers to help spread itself.[4] This time it used multiple domains, making it harder to detect or stop.[5]

References

  1. Matthew Broersma. "'Gumblar' attacks spreading quickly". Archived from the original on 25 October 2012. Retrieved 26 July 2012.
  2. "Trojan-Downloader:JS/Gumblar.X Description - F-Secure Labs". www.f-secure.com.
  3. Binning, David (15 May 2009). "Reports of Gumblar's death greatly exaggerated". Computer Weekly. Retrieved 2009-07-07.
  4. "Gumblar-family virus removal tool". 22 December 2009.
  5. "Sucuri MW:JS:151 Gumblar malware - domains used".

This page was last edited on 27 March 2023, at 04:46
Basis of this page is in Wikipedia. Text is available under the CC BY-SA 3.0 Unported License. Non-text media are available under their specified licenses. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc. WIKI 2 is an independent company and has no affiliation with Wikimedia Foundation.