Tuesday, April 17, 2012

What On Earth Is Gumblar

The chances are that you have never heard of the term "Gumblar." In the online world, the term is used to describe a number of similar Trojan viruses. It got its colourful name when it was first discovered that a virus was able to redirect a web user's Internet browser to a website of the same name: Gumblar.CN, a site no longer in existence. You may not have heard of this style of infection, and while activity was quite considerable at one time, we thought that its presence was beginning to subside. We spoke too soon: Kaspersky Labs have recently been able to identify two brand-new variants -- the "x" and "w." It's worth taking a look at the Gumblar problem, to make ourselves aware of how Trojan viruses such as this can infiltrate our web activities.

Fundamentally, you have to visit an infected website to pick up this virus. It's as simple as that -- you simply have to visit the site and open it in your browser for the infection to take place. You no longer have to interact actively by clicking on a link or taking some other action. This is the worst kind of infection, as you don't know anything about it. You will not be aware that anything unfortunate has happened, and this is how Gumblar and other Trojans use the scripting language to do their damage.

The first thing that Gumblar does is to look for your authentication information. You may have some credentials stored in your browser cache, or held within your favourite FTP resource. It's even able to access some of this information from a straightforward spreadsheet data file. While there is very little that the infection cannot reveal, it looks as if the people who write these things are interested in harvesting your FTP login information or your website administration details. Once this information is found, it is sent automatically to a "hack" site, without your knowledge. Websites that you have administration privileges for are then vulnerable: the hacker places Trojan code inside the PHP and HTML pages on those sites. These infected webpages are uploaded back to your website, raising the risk of infection for the next visitor.

This kind of procedure is almost instantaneous and can spread like wildfire, as you can imagine. Thousands of sites and millions of users can be affected in a very short period of time. This can be very embarrassing if you inadvertently infect your clients in this way. Potentially even more damaging is the possibility of being delisted by the major search engines. If your site is rated negatively because of a previous infection, certain resources may end up warning potential visitors not to visit your web pages. McAfee's Site Advisor is a browser add-on that is set up to do just that. Before you know it, your company will have built up a reputation for "malware." This is not a reputation that you want!

Be wary of Gumblar, as it appears that small businesses are particularly vulnerable. This kind of Trojan activity has been known to affect large organisations as well, with Coldwell Banker a prime example among the highly publicised cases.

