
Anybody had any dealings with Gumblar?

RE: Anybody had any dealings with Gumblar?

Sorry, or better said, I am glad I haven't had the pleasure to meet this baddy...

Here is the reason why:

Who is at risk?
Users of Internet Explorer and Google's search engine.
As I am a 99.5% user of Firefox, and only use IE for the Windows Update site...

"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"

RE: Anybody had any dealings with Gumblar?

Gumblar, eh?

Well I do know that you got to know when to hold 'em, know when to fold 'em. You should also know when to walk away and know when to run.

It's also helpful if you never count your money when you're sittin' at the table. After all, there'll be time enough for countin' when the dealin's done.

Thanks, everyone! I'll be here all week! Be sure to tip your waitress.

Glen - Sorry I don't have anything helpful to offer. Good luck, though.

    The plural of anecdote is not data

Help us help you. Please read FAQ 181-2886 before posting.

RE: Anybody had any dealings with Gumblar?

This article tells you how to determine if you're infected.

Scroll up in the article for info on how Gumblar operates.  From the looks of it, the only true way to tell if you're infected is to analyze the sqlsodbc.chm file in the c:\windows\system32 folder.  There may, or may not, be other symptoms.

Hope this helps.

Please help us help you.  Read How can I maximize my chances of getting an answer? before posting.
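The post above says the reliable indicator is the state of sqlsodbc.chm in c:\windows\system32. The way to check a file like that is to compare its hash against a copy taken from a known-clean machine of the same Windows build. The script below is an added example and not from the thread or the linked article; the baseline hash is a placeholder (assumption) to be replaced with the value from a clean system, and the demo runs on constructed files in a temporary directory so it works anywhere.

```python
"""Added example: flag a file whose SHA-256 no longer matches a known-good
baseline, the kind of check the post describes for sqlsodbc.chm.
The baseline value below is a PLACEHOLDER; record it from a clean machine."""
import hashlib
import os
import tempfile
from pathlib import Path

# Placeholder baseline (assumption): absolute path -> SHA-256 of the clean file.
BASELINE = {
    r"C:\Windows\System32\sqlsodbc.chm": "PLACEHOLDER_SHA256_FROM_CLEAN_SYSTEM",
}


def sha256_of(path):
    """Stream the file so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_file(path, expected_sha256):
    """Return 'missing', 'clean' or 'modified' for one file."""
    if not os.path.isfile(path):
        return "missing"
    return "clean" if sha256_of(path) == expected_sha256.lower() else "modified"


def check_baseline(baseline):
    """Run check_file over every entry of a path -> hash baseline."""
    return {p: check_file(p, h) for p, h in baseline.items()}


def demo():
    """Constructed demonstration: a clean file, the same file after tampering,
    and a file that is absent. Returns ['clean', 'modified', 'missing']."""
    with tempfile.TemporaryDirectory() as d:
        target = Path(d) / "sqlsodbc.chm"
        target.write_bytes(b"ITSF constructed clean help file")
        baseline_hash = sha256_of(target)          # what a clean system would yield
        results = [check_file(str(target), baseline_hash)]
        target.write_bytes(b"ITSF constructed clean help file" + b"<tampered>")
        results.append(check_file(str(target), baseline_hash))
        results.append(check_file(str(Path(d) / "absent.chm"), baseline_hash))
        return results


if __name__ == "__main__":
    print(demo())
    print(check_baseline(BASELINE))
```

Hash comparison only tells you the file differs from your baseline; a legitimate update changes the hash too, so keep the baseline current with the patch level of the machines you compare against.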

RE: Anybody had any dealings with Gumblar?

Funny, even Security Focus doesn't have much.

Grumblar drive-by download attacks surge
Published: 2009-05-22

Security firms and the U.S. Computer Emergency Readiness Team (US-CERT) warned this week of a series of attacks that has compromised Web sites and then used the infected sites to spread malware.

The malware behind the attacks — known variously as Grumblar, Martuz and JSRedir — involves at least two pieces of malicious software in a multi-stage attack: The first is placed on Web sites compromised through, what security analysts believe, are stolen FTP credentials, and the second redirects victims who visit the compromised site to a different malicious Web site that infects their computers. Once an end user's system is infected, the malicious software steals any FTP credentials, installs fake security software, and redirects some Google searches to potentially malicious sites.

The attacks, first detected in March, spiked earlier this month, surpassing 40 percent of all Web-based attacks, according to security firm Sophos. While Web sites compromised by the attacks doubled every day last week, this week, the malicious scripts appear to be spreading more slowly, according to Web security firm ScanSafe.

"The good news is that the attackers may just be finding it hard to do business," Mary Landesman, senior security researcher with ScanSafe, said on the company's blog. "While detection from signature vendors and Web crawlers still remains quite low and the number of compromises increases as a result, the attention focused on the attacks via the media and security community at large is helping to get the malware domains shutdown rather quickly."

While the attack uses domain names based in China, the actual IP addresses lead back to Russia, researchers stated.

According to security analyst Andrew Martin, Grumblar steals FTP credentials, sends spam, installs fake antivirus software, hijacks Google search queries, and disables security software.


Either it's not doing as much damage as they thought it was going to do, or it's hiding better than they thought it could. The latter is not good, since it steals your credit card numbers if it infects your home PCs. Update your anti-virus software, gang, and start using Firefox if you don't.
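The quoted article describes the server side of the attack: script injected into existing pages on sites reached with stolen FTP credentials, which then sends visitors to a different host. A site owner can look for exactly that pattern. The scanner below is an added example (not from the article or the thread) that walks a document root and reports script tags loading from hosts outside an allow-list, plus inline scripts that combine eval/unescape/fromCharCode with long escaped byte runs. The allowed hosts and the sample pages are constructed for the demonstration, and the flagged host uses a reserved .invalid name rather than anything real.

```python
"""Added example: scan a web root for injected script tags and obfuscated
inline scripts. Allow-list and sample pages are constructed (assumptions)."""
import re
import tempfile
from pathlib import Path

# Hosts this site legitimately loads scripts from (assumption for the demo).
ALLOWED_SCRIPT_HOSTS = {"www.example.com", "cdn.example.com"}

# <script ... src="http(s)://HOST/..."> (relative src values are not matched)
SCRIPT_SRC = re.compile(
    r"<script[^>]*\bsrc\s*=\s*['\"]?(?:https?:)?//([^/'\"\s>]+)", re.I)
INLINE_SCRIPT = re.compile(r"<script[^>]*>(.*?)</script>", re.I | re.S)
OBFUSCATION = re.compile(r"\b(eval|unescape|String\.fromCharCode)\s*\(", re.I)
ESCAPED_RUN = re.compile(r"(?:%[0-9a-f]{2}|\\x[0-9a-f]{2}){20,}", re.I)


def looks_obfuscated(body):
    """Heuristic: a decoder call together with a long run of escaped bytes."""
    return bool(OBFUSCATION.search(body) and ESCAPED_RUN.search(body))


def scan_html(text, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return (reason, evidence) findings for one HTML/PHP page."""
    findings = []
    for m in SCRIPT_SRC.finditer(text):
        host = m.group(1).lower()
        if host not in allowed_hosts:
            findings.append(("external-script", host))
    for m in INLINE_SCRIPT.finditer(text):
        body = m.group(1)
        if looks_obfuscated(body):
            findings.append(("obfuscated-inline", body.strip()[:60]))
    return findings


def scan_webroot(root, patterns=("*.html", "*.htm", "*.php", "*.js")):
    """Walk the document root; return {relative posix path: findings} for hits."""
    root = Path(root)
    report = {}
    for pattern in patterns:
        for path in root.rglob(pattern):
            text = path.read_text(errors="replace")
            if path.suffix.lower() == ".js":
                # A plain script file has no tags: test the whole body.
                findings = [("obfuscated-script", path.name)] if looks_obfuscated(text) else []
            else:
                findings = scan_html(text)
            if findings:
                report[path.relative_to(root).as_posix()] = findings
    return report


# Constructed sample pages: one clean, one with a planted external script,
# one with an obfuscated inline script.
CLEAN_PAGE = ("<html><head><script src='https://cdn.example.com/app.js'></script>"
              "</head><body>hello</body></html>")
INJECTED_PAGE = CLEAN_PAGE.replace(
    "</body>", "<script src='http://not-our-host.invalid/x.js'></script></body>")
OBF_PAGE = ("<html><body><script>eval(unescape('" + "%61" * 25 +
            "'))</script></body></html>")


def demo():
    """Build a throwaway web root from the constructed pages and scan it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "index.html").write_text(CLEAN_PAGE)
        (root / "about.html").write_text(INJECTED_PAGE)
        (root / "blog").mkdir()
        (root / "blog" / "post.html").write_text(OBF_PAGE)
        return scan_webroot(root)


if __name__ == "__main__":
    for path, findings in demo().items():
        print(path, findings)
```

Run it against a copy of the site taken from the server, not from a browser, since the redirecting script may only be served to some visitors. Any hit is a reason to rotate the FTP credentials before restoring the files, because the article's chain starts with those credentials.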