May 21, 2009

Experts offer tips to deal with Gumblar malware

A number of security organizations are offering tips to deal with the Gumblar drive-by exploit, which is growing ever more pervasive.

Gumblar has spread rapidly because malicious JavaScript on compromised sites seems to be dynamically generated. That is, it can be different on every site, or even every page on a site.

“This is just the most recent example of legitimate sites being exploited to spread malware,” Samantha Madrid, a Cisco security product manager, told SCMagazineUS.com on Thursday. “What is unique to Gumblar is that it uses a multi-phased approach to propagate itself. It does not just deliver malware to the end-user.”

To deal with the problem, Cisco offers five tips to enterprises and web sites to deal with the problem: Make sure security protection is implemented for web servers and web applications. Also, educate and alert users to pay attention to pop-ups that warn them if they're about to proceed to a questionable site. In addition, it is important to include client-side protection to establish a layered defense. Organizations also should install gateway security that is capable of drilling down into every internet access request. And make sure perimeters are secured with auditable firewalls.
 
Other researchers have added their own advice. Brian Monkman, web application firewall program manager for ICSA Labs, a testing and certification lab, put together a few tips in an email to SCMagazineUS.com. He explained that the biggest threat is the targeting of web servers that can be compromised to become a host, thus a properly configured web application firewall will mitigate against the threat. He also said that added protection is easily realized by disabling FTP access. Also, its vital that organizations should remind end-users of basic security principles regarding passwords and immediately force password changes. And any exchange of credentials should be done using encryption (HTTPS), never in the clear.

Tom Newton, product manager at network security vendor SmoothWall, emailed these tips for those using FTP: Stop. Think. Ask hosting organizations if there is a more secure alternative, such as SFTP, for example. He also said that when using standard content management system (CMS) or forum software, keep it up to date, and be aware of new vulnerabilities. In addition, keep on top of passwords -- don't save them, unless they are encrypted, and make sure site components do not use default passwords

For its part, US-CERT, on its web page, encouraged users and administrators to apply software updates in a timely manner and use up-to-date anti-virus software to help mitigate Gumblar risks.

Related Articles
Related Topics

Sign up to our newsletters

More in News

Oracle releases Java update to close 37 high-risk vulnerabilities

Updates for the software platform will now arrive on a quarterly basis, beginning in October.

Flaw in BlackBerry Protect app addressed, impacts Z10 smartphone users

To exploit the vulnerability, an intruder would need a user's device password and a bit of skill to access troves of data on the phone.

Tor to blame for its users being unable to access Facebook

Malicious activity on the anonymity software's network tripped Facebook's "site integrity systems."