Doomworld Forums : Powered by vBulletin version 2.2.5 Doomworld Forums > Misc. > Everything Else > New variant of Gumblar virus
All times are GMT.
GreyGhost
a ghost... only grey


Posts: 5188
Registered: 01-08



fraggle said:
In fact, Filezilla does the correct thing by storing them in plain text. . . At least it's honest and doesn't mislead you.
It's honest - and I'm kicking myself for not discovering that earlier.


myk said:
Still, I'm not sure if Firefox can open a PDF without the "what do you want to do with this file?" dialog. If it can't, I'm not too concerned about the vulnerability.
It can if you install an appropriate plug-in - though you can revert to "Always ask" in Options.

Old Post 06-25-09 15:49 #
Mancubus II
Purple is not a breakfast color


Posts: 1807
Registered: 02-03


My understanding of it all (from being a victim!) is that gumblar is/was based on a malicious pdf that will start acrobat reader then cause it to crash and exploit some memory whosits. This very much depends on the OS being windows and not linux. I'm not at all surprised that csonicgo is being irrational and misunderstanding the facts. While there may be a new exploit that targets google chrome, if it's anything related to gumblar it won't work on linux. The whole point of gumblar anyway was to just spread itself further and ruin search results. It particularly is harmful to people who access a lot of things through ftp (like web developers). I strongly recommend using a secure file transfer protocol and now do so myself wherever possible.

Old Post 06-25-09 18:28 #
David_Dweedle
Loser


Posts: 318
Registered: 06-09


Anyways. Why the heck do people feel the need to make these viruses.. what does it prove?

Or are they just wanting to be the scum of the earth.. lol

Old Post 06-25-09 22:44 #
udderdude
Senior Member


Posts: 1342
Registered: 04-02



David_Dweedle said:
Anyways. Why the heck do people feel the need to make these viruses.. what does it prove?

Or are they just wanting to be the scum of the earth.. lol



There's money to be had in it, which is why you're seeing professionals get into the game.

Old Post 06-25-09 22:52 #
David_Dweedle
Loser


Posts: 318
Registered: 06-09



udderdude said:


There's money to be had in it, which is why you're seeing professionals get into the game.



How the heck do people make money from viruses?

The only way I see it happening is if they hack your Internet banking but otherwise I don't see how it's done.

Old Post 06-25-09 22:53 #
myk
webbed digits


Posts: 14316
Registered: 04-02


They generate hits for ad links.

Old Post 06-25-09 22:58 #
Csonicgo
This post is probably useless


Posts: 3823
Registered: 03-04



Mancubus II said:
I'm not at all surprised that csonicgo is being irrational and misunderstanding the facts.


At the time of posting that I was watching my computer turn into a paperweight, so I apologize for the spaz dumbass I injected into the post. Since google chrome had just been released for linux (in beta) I was getting a bit freaked out if they were trying to get into linux with it too. But now I see they couldn't do that. Well, not easily.

Old Post 06-25-09 23:09 #
GreyGhost
a ghost... only grey


Posts: 5188
Registered: 01-08



David_Dweedle said:

How the heck do people make money from viruses?

There's a long-running conspiracy theory which claims that viruses are written to sell anti-virus software. ;-)

On a more serious note - cybercrime is big business and a potential risk to national security. There's a lot of money to be made trading personal information, some is done legitimately by direct-marketing organisations and online advertisers - who data-match products to prospective purchasers, I doubt anyone knows how much is traded clandestinely but there's bound to be a ready market for raw data from a bunch of recently raped computers.

Old Post 06-26-09 02:49 #
myk
webbed digits


Posts: 14316
Registered: 04-02


Information sold by employees and the like should have a much greater impact than hacking in the dissemination of sensitive information.

The "legitimacy" of personal information trading by companies is also a debatable matter, as most people don't provide their information so that it gets sold out.

Old Post 06-26-09 15:42 #
fraggle
Super Moderator


Posts: 5904
Registered: 07-00



Mancubus II said:
It particularly is harmful to people who access a lot of things through ftp (like web developers). I strongly recommend using a secure file transfer protocol and now do so myself wherever possible.
Changing your protocol will make no difference at all. If you are using the "save password" feature of your client, and your machine is compromised, your password can be stolen, regardless of the protocol you might be using.

The same also applies to SSH private keys without passphrases.

Old Post 06-29-09 12:16 #
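
A defender-side check for the two exposures fraggle describes, as an added example that is not part of the original thread: it flags FileZilla site entries that carry a stored password and SSH private keys that have no passphrase. It assumes FileZilla 3's sitemanager.xml layout (Server, Host and Pass elements); the sample XML and the header-only key stubs are constructed for the demo.

```python
import base64
import struct
import xml.etree.ElementTree as ET

MAGIC = b"openssh-key-v1\0"

def filezilla_saved_passwords(xml_text):
    """Hosts whose site entry has a non-empty stored <Pass> (value is never returned)."""
    root = ET.fromstring(xml_text)
    return [s.findtext("Host", default="?")
            for s in root.iter("Server")
            if (s.findtext("Pass") or "").strip()]

def private_key_is_encrypted(pem_text):
    """True if the private key file is passphrase-protected."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("not an openssh-key-v1 blob")
        (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        return cipher != b"none"          # cipher "none" means no passphrase
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return True                        # PKCS#8 encrypted container
    # Legacy PEM (RSA/DSA/EC) marks encryption in a header line.
    return any(l.startswith("Proc-Type: 4,ENCRYPTED") for l in lines)

def openssh_stub(cipher):
    """Constructed header-only blob (no real key material) for the demo."""
    def s(b): return struct.pack(">I", len(b)) + b
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    body = base64.b64encode(MAGIC + s(cipher) + s(kdf) + s(b"")).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + body +
            "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed sample data, not taken from any real machine.
SAMPLE_SITES = """<FileZilla3><Servers>
  <Server><Host>ftp.example.org</Host><User>web</User><Pass>hunter2</Pass></Server>
  <Server><Host>sftp.example.net</Host><User>web</User><Pass></Pass></Server>
</Servers></FileZilla3>"""
SAMPLE_LEGACY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                 "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\nAAAA\n"
                 "-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    print("saved passwords for:", filezilla_saved_passwords(SAMPLE_SITES))
    for name, pem in [("openssh/none", openssh_stub(b"none")),
                      ("openssh/aes256-ctr", openssh_stub(b"aes256-ctr")),
                      ("legacy PEM", SAMPLE_LEGACY)]:
        print(name, "encrypted" if private_key_is_encrypted(pem) else "NO PASSPHRASE")
```

The SFTP entry in the sample is clean only because no password was saved for it, not because of the protocol.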
EarthQuake
9.5 on the Richter!


Posts: 2710
Registered: 05-03



Mancubus II said:
The whole point of gumblar anyway was to just spread itself further and ruin search results.


Uh, WHAT? So that's what this virus is that I have right now? Actually, can't believe I didn't learn about this sooner. I've scanned and found a multitude of malware in the past few days, and for the most part I've been successful in keeping my system stable. The only thing that still manages to elude me is how my search results keep redirecting me to pages which I'm obviously not trying to visit.

Occasionally, AVG will detect some type of threat and stop it from executing (and it's always when surfing online). I've been monitoring my outgoing traffic, and nothing seems to be happening in that department except for things like IRC sending/receiving packets, so it just seems like my system is a little under the weather at the moment.

I've already got all my shit backed up, so I'm just waiting to get my Windows XP CD for a much-needed reinstall.

Old Post 07-03-09 20:17 #
Csonicgo
This post is probably useless


Posts: 3823
Registered: 03-04


FINALLY!

After waiting a week or so for the other AVs and malware scanners to catch up to this ridiculous sunuvabitch, I finally removed every trace of it. Its last line of defense is to mod permissions on registry keys, which is easily dealt with by MBAM. MBAM still can't detect everything, so Spybot- that program everyone forgot about- took care of the rogue keys.

I've done integrity checks on system files and everything seems fine so far. The final nasties appeared to be the backdoor TDSS trojan modified with the Trace Rootkit.

This isn't the first round of a malware rapesuite and it won't be the last. But now that it's getting to be used more often with 0days, it seems like the malware makers aren't doing this for shits and giggles alone.

How long will it be before malware is written to exploit a plugin/browser/buffer/ to install itself, replicate, obfuscate replicants in the registry under tweaked keys, constantly check on its status and phoning home for the latest 0days to hop around an intranet while being able to infect USB keys undetected, so it can come back to infect a host by exploiting another 0day....all the while collecting passwords, performing sneaky Botnet operations, and annoying the shit out of the user with browser hijacks?

Old Post 07-08-09 02:51 #
Lüt
YA-HA


Posts: 12221
Registered: 05-00



Csonicgo said:
How long will it be before malware is written to exploit a plugin/browser/buffer/ to install itself, replicate, obfuscate replicants in the registry under tweaked keys, constantly check on its status and phoning home for the latest 0days to hop around an intranet while being able to infect USB keys undetected, so it can come back to infect a host by exploiting another 0day....all the while collecting passwords, performing sneaky Botnet operations, and annoying the shit out of the user with browser hijacks?
Now that you've given malware coders such a challenging goal to aim for, probably not long.

Old Post 07-08-09 03:13 #
Csonicgo
This post is probably useless


Posts: 3823
Registered: 03-04



Lüt said:
Now that you've given malware coders such a challenging goal to aim for, probably not long.


I don't think they could really do such a thing and not make any noise. It would have to be an assload of 0-days or rely on unpatched computers to even pull that off.

Old Post 07-08-09 04:18 #
GreyGhost
a ghost... only grey


Posts: 5188
Registered: 01-08


Or timed to coincide with the official release of a major product - like Windows 7.

Old Post 07-08-09 05:15 #