Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    November 2014
    S M T W T F S
    « Oct    
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    30  
  • About Us

    Gumblar.{BLOCKED}, the domain to which visitors of reported compromised websites were directed to was taken down, only to be replaced by a new one: Martuz.{BLOCKED}.

    gumblar_finds_successorIn an attack which quickly garnered much attention in the security industry, visiting compromised websites were found to redirect the user to Martuz.{BLOCKED}, which leads to a download of a file in users’ systems. It then uses Adobe PDF and Flash player vulnerabilities to gain system access. Once installed, the malware is able to steal stored passwords, which it delivers back to its creators via FTP. These stolen passwords may ultimately lead to the unauthorized tampering of the user’s web server files, wherein obfuscated JavaScript is inserted into several files. The vandalized pages containing the JavaScript now become the malware author’s newest redirectors, continuing the vicious cycle of information stealing. Additionally, the malicious file poisons the results of Google searches conducted by the user of the affected system, thus leading them to more malicious domains.

    Our engineers are still in the process of analyzing the said malicious file. In the meantime, Trend Micro detects the redirecting scripts as HTML_JSREDIR.AE and HTML_REDIR.AC. Injected scripts vary for each infected page, and the exact epicenter of the attack is still yet to be determined.

    Using a browser other than Internet Explorer may help minimize the risk of getting infected, and updating software to address vulnerabilities is a must. Site owners should do an immediate cleanup if an infection is detected, and passwords should be changed as soon as possible.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon






     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice