Monday
May182009
JSRedir-R/Gumblar The underlying problem!!
Paul Sylvester
Some people have made comments about there website being hosted to Malware injection into there site. I've been seing a Lot of talk about JSRedir-R/Gumblar found to be the biggest malware threat on the Web. They estimate that it is 42% of infected websites to be carrying this malware threat, last week. I have heard some think it is weak login creditals.
[ad]See the Graph from Sophos about the percentage. I also wanted to tell people how to identify if you have the infection or not. This is very important to check because people are letting this Malware spread and all.
I on the other hand think the way this is spreading is a Cross Site Scripting vulnerability for these websites but there are a few websites that do keep your login cache on your system. I would recommend if your a web site owner to have your cache deleted everytime you exit your web browser. This should in theory help prevent Cross Site scripting and Website owners should also either buy [intlink id="2205" type="page"]Anti-virus and Firewall software or install the Free version[/intlink] to better protect your website.
Just like the[intlink id="3308" type="post"]Twitter Cross Site Scripting tom foolery [/intlink]this is my theory on how websites are being injected with this malware. It is however just a theory. I was never logged into my account on twitter through my web browser when this happened and that is what kept me from spreading it to my Twitter users. You should also consider always logging off your web site when your done doing what you do! Just my thoughts on the matter, Remember only you can prevent from getting a Virus.
[ad]See the Graph from Sophos about the percentage. I also wanted to tell people how to identify if you have the infection or not. This is very important to check because people are letting this Malware spread and all.
I on the other hand think the way this is spreading is a Cross Site Scripting vulnerability for these websites but there are a few websites that do keep your login cache on your system. I would recommend if your a web site owner to have your cache deleted everytime you exit your web browser. This should in theory help prevent Cross Site scripting and Website owners should also either buy [intlink id="2205" type="page"]Anti-virus and Firewall software or install the Free version[/intlink] to better protect your website.
Just like the[intlink id="3308" type="post"]Twitter Cross Site Scripting tom foolery [/intlink]this is my theory on how websites are being injected with this malware. It is however just a theory. I was never logged into my account on twitter through my web browser when this happened and that is what kept me from spreading it to my Twitter users. You should also consider always logging off your web site when your done doing what you do! Just my thoughts on the matter, Remember only you can prevent from getting a Virus.
Reader Comments