What is it?
Gumblar is another multi-faceted, ninja-quiet website attack.
Gumblar is named after the Gumblar.cn exploit, which so far targets users of Internet Explorer and Google search. It delivers malware through compromised sites; the malware infects a user's PC and subsequently intercepts traffic between the user and the sites they visit. This means that once a PC is infected, anything the victim types could be monitored and used to commit identity theft, such as stealing credit card numbers, Web passwords or other sensitive data. Visitors encountering a compromised website also risk having their subsequent search results replaced with links that point to other malicious websites. The malware can also steal FTP credentials from the victim's computer and use them to infect more sites, thus increasing the spread of this threat. So far, more than 3,000 websites have been attacked, including Tennis.com, Variety.com and Coldwellbanker.com.
Who is at risk?
Users of Internet Explorer and Google's search engine.
How do I protect myself?
ZoneAlarm Customers:
If you are running ZoneAlarm® ForceField™ browser security technology, you are already protected. If you are running ZoneAlarm Extreme Security, you must turn ON ForceField virtualization.
How to turn on virtualization:
- Step 1: Open the ZoneAlarm Extreme Overview Panel. Double-click on the ZoneAlarm icon in your system tray.
- Step 2: From the list of features, click "Browser Security".
- Step 3: Click on "Settings" in the Browser Security Overview Panel.
- Step 4: Click the "Advanced" tab and check the box "Enable Virtualization".
ZoneAlarm ForceField's browser security virtualization technology automatically catches and neutralizes stealth Web browser downloads in a safe, virtual data space where they are unable to harm your PC or your identity.
How do I know if I've been infected?
(as reported by Elinor Mills with data from ScanSafe):
- Locate sqlsodbc.chm in the Windows system folder (by default under Windows XP, the location is C:\Windows\System32\).
- Obtain the SHA1 of the installed sqlsodbc.chm. FileAlyzer is a free tool that can be used to obtain the SHA1 of a file.
- Compare the obtained SHA1 to the list located on the ScanSafe STAT Blog.
- If the SHA1 and corresponding file size do not match a pair on the reference list, it could be an indication of a Gumblar infection.
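The same check can be scripted instead of done by hand with FileAlyzer. The Python below is an added example, not ZoneAlarm or ScanSafe code. It assumes the reference list has been saved as text with one "<sha1> <size>" pair per line (an assumed format; the real list is on the ScanSafe STAT Blog and is not reproduced here), and its function names are hypothetical.

```python
import hashlib
import os
import tempfile

# Default Windows XP location given in the steps above.
DEFAULT_PATH = r"C:\Windows\System32\sqlsodbc.chm"

def parse_reference(text):
    """Parse '<sha1> <size>' lines into a set of pairs (line format is an assumption)."""
    pairs = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            digest, size = line.split()
            pairs.add((digest.lower(), int(size)))
    return pairs

def fingerprint(path, chunk=65536):
    """Return (sha1_hex, size_in_bytes) for the file, read in chunks."""
    sha1, size = hashlib.sha1(), 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            sha1.update(block)
            size += len(block)
    return sha1.hexdigest(), size

def check(path, known_pairs):
    """'known-good' only if hash AND size match one reference pair together."""
    if not os.path.isfile(path):
        return "missing"
    return "known-good" if fingerprint(path) in known_pairs else "no-match"

def demo():
    """Run the check on a constructed stand-in file, not a real sqlsodbc.chm."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sqlsodbc.chm")
        with open(path, "wb") as fh:
            fh.write(b"abc")  # constructed content
        reference = parse_reference("# constructed list\n%s %d\n" % fingerprint(path))
        before = check(path, reference)
        with open(path, "ab") as fh:
            fh.write(b"!")  # simulate the file being altered
        return before, check(path, reference), check(path + ".absent", reference)

if __name__ == "__main__":
    print(demo())
```

On a real machine, call check(DEFAULT_PATH, parse_reference(saved_list_text)); a "no-match" result is the condition the last step describes as a possible indication of infection, not proof of one.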
ZoneAlarm Tips:
No anti-virus or anti-spyware solution is 100% effective, so ZoneAlarm recommends a multi-layered security solution. ZoneAlarm's exclusive OSFirewall™ monitors and blocks dangerous behavior within your operating system. While ZoneAlarm's anti-virus feature will detect, block and remove viruses, the OSFirewall will protect you from even the most advanced viruses even if they manage to bypass your anti-virus protection.
Make sure your PC has the latest virus definitions and product updates:
To make sure your product is up to date, click "Check for Updates" in the lower left corner of the main overview panel. Then click "Anti-virus" on the left navigation bar, and click "Update Now" for the latest signatures.