Web Site Hijack Morphs, Continues to Grow

19.05.2009
In an attempt to stay one step ahead of security companies, the has jumped over to using a new domain to pull its malicious software.

Gumblar, so-named because it infected benign Web sites with attack code that attempted to install malware from a "gumblar" domain onto visitor's computers, has switched to using a "martuz" domain instead, , which originally reported the attack. Symantec in its own post.

The attack, which primarily uses stolen FTP logins to spread itself to new sites, continues to spread , but ScanSafe says its growth appears to be . If you run your own Web site, the company suggested using a free scanning service that can help identify whether your site has been hijacked by Gumblar or another drive-by-download attack. The useful service is still in beta, and will only report Gumblar-hijacked sites as suspicious, according to Gumblar, but it will catch an infected site.

To guard your own PC against the Gumblar attack code, see about the exploits used in the assault. Most importantly, make sure you have the latest Adobe, Flash and Windows patches.