Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Security experts at ScanSafe are warning users to be on their guard after recording a resurgence of the notorious Gumblar botnet and its associated malware.
The security-as-a-service firm warned in its monthly Global Threat report that 29 percent of all web malware blocks last month were related to Gumblar, a botnet which installs traffic sniffers and backdoors on PCs and then uses stolen FTP credentials to compromise web sites.
"Gumblar is arguably one of the most insidious threats facing web surfers and web site operators today," said Mary Landesman, senior security researcher at ScanSafe.
"Disturbingly, in early November, we detected that the backdoor left in place on the compromised web sites by the Gumblar attackers was being leveraged by other groups of attackers, meaning that the sites were under their control. This exacerbates the seriousness of the situation."
Gumblar is more sophisticated than many threats in that it is dynamically obfuscated to bypass signature-based detection methods, according to ScanSafe. It is also dynamically constructed at the time of access, so that different users will be delivered different exploits and potentially different malware depending on their environment.
ScanSafe has also discovered that Gumblar is installing PHP backdoors on the compromised web sites, and using the sites as the actual malware host. This makes it exceptionally difficult to shut down.
"When a typical outbreak of web site compromises occurs, there are generally only a few actual malware domains involved," explained Landesman.
"In the case of Gumblar, a conservative estimate suggests that there are at least 2,000 'backdoored' web sites serving as malware hosts. As a result, there are few points at which to target efforts to shut down the source of the malware."
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.