[FTP1.02] Gumblar or Troj/JSRedir-R FTP Virus

Known as Gumblar by ScanSafe and Troj/JSRedir-R by Sophos, this computer virus first appeared in 2009. It is characterized by redirecting users' Google searches and is suspected to come from Adobe Flash and PDF files.

Personal Computers

Visitors to an infected site will be redirected to an alternative site containing further malware, which was once gumblar.cn, but has now switched to a variety of domains. The site sends the visitor an infected PDF that is opened by the visitor's browser or Acrobat Reader. The PDF will then exploit a known vulnerability in Acrobat to gain access to the user's computer. The virus will find FTP clients such as FileZilla and Dreamweaver and download the clients' stored passwords. It also enables promiscuous mode on the network card, allowing it to sniff local network traffic for FTP details. It is one of the first viruses to incorporate an automated network sniffer.

Servers

Using passwords obtained from site admins, the host site will access a website via FTP and infect the website. It will download large portions of the website and inject malicious code into the website's files before uploading the files back onto the server. The code is inserted into any file that contains a <body> tag, such as HTML, PHP, JavaScript, ASP and ASPx files. The inserted PHP code contains base64-encoded JavaScript that will infect computers that execute the code. In addition, some pages may have inline frames inserted into them. Typically, iframe code contains hidden links to certain malicious websites. The virus will also modify .htaccess and HOSTS files, and create images.php files in directories named 'images'. The infection is not a server-wide exploit. It will only infect sites on the server that it has passwords to.

Gumblar variants

Different companies use different names for Gumblar and its variants. Initially, the malware connected to the gumblar.cn domain, but this server was later shut down. However, many badware variants have emerged since then, and they connect to various malicious servers via iframe code. Whatever the nature of the Gumblar variants, all of them can be categorized as iframe viruses.

Gumblar resurfaced in January 2010, stealing FTP usernames and passwords and infecting HTML, PHP and JavaScript files on web servers to help spread itself.

A solution called FTP Lock has been introduced. Please search for: [FTP1.01] New "FTP Lock" Security Measure

For more information about the virus, please read: http://en.wikipedia.org/wiki/Gumblar
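
One way to check a copy of a webroot for three of the server-side indicators described under Servers above: code that executes base64-decoded content, hidden iframes, and images.php inside an images directory. This is an added example, not code from the original article; the regular expressions, function names and sample files are assumptions constructed for illustration, not Gumblar signatures.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns: assumptions for this example, not signatures from the article.
B64_EXEC = re.compile(rb"(eval|assert)\s*\(\s*base64_decode\s*\(", re.I)
IFRAME = re.compile(rb"<iframe\b[^>]*>", re.I)
HIDDEN = re.compile(rb"(width|height)\s*=\s*[\"']?[01]\b"
                    rb"|display\s*:\s*none|visibility\s*:\s*hidden", re.I)
WEB_EXT = {".html", ".htm", ".php", ".js", ".asp", ".aspx"}

SAMPLE = {  # constructed, harmless files standing in for a webroot
    "index.html": b"<html><body>hello</body></html>",
    "video.html": b'<body><iframe src="/player" width="640" height="360"></iframe></body>',
    "about.html": b"<body><iframe src='http://example.invalid/x' width=1 height=1></iframe></body>",
    "shop/cart.php": b"<?php eval(base64_decode('ZWNobyAxOw==')); ?><body></body>",
    "images/images.php": b"<?php ?>",
}

def scan_file(path):
    """Return the list of indicator labels that apply to one file."""
    findings = []
    if path.name.lower() == "images.php" and path.parent.name.lower() == "images":
        findings.append("images.php inside an images directory")
    if path.suffix.lower() in WEB_EXT:
        data = path.read_bytes()
        if B64_EXEC.search(data):
            findings.append("executes base64-decoded content")
        if any(HIDDEN.search(tag) for tag in IFRAME.findall(data)):
            findings.append("hidden iframe")
    return findings

def scan_tree(root):
    """Walk root and map each flagged file (relative path) to its findings."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and (hits := scan_file(path)):
            report[path.relative_to(root).as_posix()] = hits
    return report

def demo():
    """Write SAMPLE into a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLE.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return scan_tree(root)
```

Run scan_tree() against a downloaded copy of the site and review every flagged file by hand, since these heuristics also match some legitimate code. Changes to .htaccess and HOSTS files are not covered here and need comparison against a known-good copy.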