Gumblar 'botnet' continues to grow as new variants detected

By

The Gumblar attack is continuing to hit websites with new variants detected in Japan.

Mary Landesman, senior security researcher at ScanSafe, said she had received correspondence claiming that the research on Gumblar ‘sounded very much like the GENO reports that had also been circulating in Japan. And as it turns out, indeed they were the same.'


“ScanSafe termed the compromises 'Gumblar' because that was the name of the second stage malware domain used. Security folks in Japan termed the compromises GENO because one of the more high profile victims of the compromises in Japan apparently was a site named GENO. Unfortunately for our friends in Japan, it appears these Gumblar/GENO compromises are causing just as much headache there,” said Landesman.


ScanSafe also claimed that the infection has created a growing botnet of compromised websites, as even with a dip in traffic over the weekend, the amount of compromised websites grew by a further ten per cent since last Friday. This is up by a total of 246 per cent from when it first began tracking the increase just over a week ago.


The exploit has also reached the attention of US-CERT, which encouraged users and administrators to apply software updates in a timely manner and use up-to-date anti-virus software to help mitigate the risks.

See original article on scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?