US-CERT Current Activity

Gumblar Malware Exploit Circulating

Original release date: May 18, 2009 at 12:47 pm
Last revised: May 18, 2009 at 12:47 pm

US-CERT is aware of public reports of a malware exploit circulating. This is a drive-by-download exploit with multiple stages and is being referred to as Gumblar.

The first stage of this exploit attempts to compromise legitimate websites by injecting malicious code into them. Reports indicate that these website infections occur primarily through stolen FTP credentials, but websites may also be compromised through poor configuration settings, vulnerable web applications, etc.

The second stage of this exploit occurs when users visit a website compromised by Gumblar. Users who visit these compromised websites and have not applied updates for known PDF and Flash Player vulnerabilities may become infected with malware. This malware may be used by attackers to monitor network traffic and obtain sensitive information, including FTP and login credentials, that can be used to conduct further exploits. Additionally, this malware may also redirect Google search results for the infected user.

US-CERT encourages users and administrators to apply software updates in a timely manner and use up-to-date antivirus software to help mitigate the risks.

US-CERT will provide additional information as it becomes available.

====

This entry is available at
http://www.us-cert.gov/current/index.html#gumblar_malware_attack_circulating

Produced 2009 by US-CERT, a government organization.

Note: Posted according to copyright permissions of US-CERT (United States Computer Emergency Readiness Team)

Purpose of Posting -- To help others keep their genealogy computers healthy.