Beware of the Gumblar Worm

June 10th, 2009

Computer SecurityThere’s a new virus/worm out, and it’s taking the web by storm. Here’s how it works:

  1. You visit an infected site that has a malicious script.
  2. The script takes advantage of bugs in Adobe Reader and Adobe Flash to infect your system with a virus.
  3. If you have any FTP programs installed on your computer, the virus gets the login credentials, connects to the sites, and infects those websites with the script. This means that anyone visiting -your- site will now be infected.
  4. Whenever you use Internet Explorer to visit Google, you are redirected to a different site, possibly to activate pay-per-click advertisements.

To protect against Gumblar, do the following:

  1. Install the latest version of the Adobe Reader.
  2. Install the latest version of Adobe Flash Player. (Note, there’s one version for Internet Explorer and another version for all other browsers—you may need to install both.)
  3. Update your antivirus software and definitions, then run a virus scan.

For those who have FTP programs installed with saved passwords, I suggest (1) configure your FTP client so it doesn’t save the passwords, and (2) change the passwords. Also, this article explains how to determine if your website is infected and lists methods to remove the malicious code.


Leave a Reply


HTML: You can use these tags.