Selected short messages and links you might have missed if you don’t follow me on Twitter.
Gumblar zombies, StopBadware reports, WordPress updates … »»
My list of Gumblar zombie URLs that I originally posted and updated in the Revenge of Gumblar Zombies article has already reached the size of 600+ items, which makes the web page too heavy.
I decided to move this list to a separate page to make the original post less cluttered. At the same time the list should remain searchable via major search engines and webmasters of compromised sites will be able to find this page that contains a direct link to the post with Gumblar infection details and removal instructions.
Gumblar infection is pretty sophisticated and removing the malicious code is usually not enough to completely clean up your site. If this page contains a URL that was a part of the suspicious code injected into your sites’ web pages and .js files, make sure to read the following post.
The list »»
Selected short messages and links you might have missed if you don’t follow me on Twitter.
IE and Typo3 vulnerabilities, WordPress attack, Twitter API in malicious scripts »»
Selected short messages and links you might have missed if you don’t follow me on Twitter.
Nov 2, 2009
Mal/Iframe-N: Another winning infection? – Sophos on malicious iframes (with references to my blog posts)
Nov 3, 2009
[link:cantonbecker.com] How to search for ‘backdoors’ in a hacked WordPress site
Nov 5, 2009
Story about Gumblar breaking WordPress on The New York Times site – based on my latest blogpost. Thanks @bobmcmillan
[link:h-online.com] new security patches for Java and Shockwave Player
Nov 6, 2009
SCMagazine mentions my blog in their article “Gumblar site infections return, WordPress among affected”
Found an AdSense ad that offers to download a pirated version of Avast Pro (probably infected). Reported it to Google. (lifeplain .com is a scam)
If you want more real-time experience, you can follow @unmaskparasites on Twitter.
Not only iframe infections can corrupt websites. It appears that the current version of Gumblar effectively breaks WordPress blogs.
Here’s the story »»
Do you remember Gumblar? The massive hacker attack that managed to infect more than a hundred thousand legitimate web sites in a very short time this May? The infection was relatively easy to detect but very hard to completely get rid of. It infected various types of files and created backdoor scripts in inconspicuous places of websites so that hackers could easily restore the malicious content.
The gumblar .cn site (and its immediate successor martuz .cn) had been promptly shut down. As a result, the malicious script injected into hacked websites became harmless for site visitors. However, many webmasters failed to properly clean up their sites after the Gumblar infection, leaving the backdoor scripts intact. It was predicted that hackers would find a way to utilize this army of potentially controllable websites. Now, five months later, we see a new surge of a massive attack that resembles Gumblar in many aspects.
Continue »»
The Gumblar/Martuz epidemic is currently on the decline. Compared with last week, this week Unmask Parasites registers only a small fraction of Gumblar-infected web sites. And I don’t see any new script mutations.
The “Martuz .cn” domain no longer resolves and “gumblar .cn” is defunct (the domain is currently parked). This has stopped the surge of new infections. And the increased global awareness helped webmasters identify the problem and get rid of it.
Nonetheless, I can still see that many websites recovered from the gumblar/martuz attack are still blacklisted by Google. Their Safe Browsing diagnostic pages say something like:
Continue »»