The Gumblar/Martuz epidemic is currently on decline. Comparing with the last week, this week Unmask Parasites registers only a small fraction of Gumblar infected web sites. And I don’t see any new script mutations.
“Martuz .cn” domain no longer resolve and “gumblar .cn” is defunct (the domain is currently parked). This has stopped the surge of new infections. And the increased global awareness helped webmasters identify the problem and get rid of it.
Nonetheless, I can still see that many websites recovered from the gumblar/martuz attack are still blacklisted by Google. Their Safe Browsing diagnostic pages say something like:
“Malicious software is hosted on 1 domain(s), including martuz .cn/.”
“Malicious software is hosted on 1 domain(s), including gumblar .cn/.”
Their search results are labeled with the “This site may harm your computer” warning. Many browsers (FireFox 3, Safari, Google Chrome) won’t let visitors browse those sites displaying the “Reported Attack Site” warning.
Looking at the last visit date on the diagnostic pages, I see that webmasters didn’t request a review via Google’s Webmaster Tools.
Just a reminder: If your site is blacklisted by Google, clean up the site and request a review. Here you will find all the information you need about it.
I want to stress a few facts about the review process.
And a few more words to owners of websites recovered from the gumblar/martuz attack. If you requested the review, but it came back with a warning that your site is still infected, the chances are you haven’t removed the malicious code from all files.
This attack was very sophisticated. It modified many files, created backdoor scripts and changed directory permissions. Even if Unmask Parasites doesn’t detect any suspicious scripts in your web pages, the site can still be infected if you didn’t clean external .js files (they are not checked by Unmask Parasites). You can find more details about the exploit and what it takes to get rid of it in this article. Make sure to read comments – they add much value to the article.