May 21, 2009

Experts offer tips to deal with Gumblar malware

A number of security organizations are offering tips to deal with the Gumblar drive-by exploit, which is growing ever more pervasive.

Gumblar has spread rapidly because malicious JavaScript on compromised sites seems to be dynamically generated. That is, it can be different on every site, or even every page on a site.

“This is just the most recent example of legitimate sites being exploited to spread malware,” Samantha Madrid, a Cisco security product manager, told SCMagazineUS.com on Thursday. “What is unique to Gumblar is that it uses a multi-phased approach to propagate itself. It does not just deliver malware to the end-user.”

To deal with the problem, Cisco offers five tips to enterprises and web sites to deal with the problem: Make sure security protection is implemented for web servers and web applications. Also, educate and alert users to pay attention to pop-ups that warn them if they're about to proceed to a questionable site. In addition, it is important to include client-side protection to establish a layered defense. Organizations also should install gateway security that is capable of drilling down into every internet access request. And make sure perimeters are secured with auditable firewalls.
 
Other researchers have added their own advice. Brian Monkman, web application firewall program manager for ICSA Labs, a testing and certification lab, put together a few tips in an email to SCMagazineUS.com. He explained that the biggest threat is the targeting of web servers that can be compromised to become a host, thus a properly configured web application firewall will mitigate against the threat. He also said that added protection is easily realized by disabling FTP access. Also, its vital that organizations should remind end-users of basic security principles regarding passwords and immediately force password changes. And any exchange of credentials should be done using encryption (HTTPS), never in the clear.

Tom Newton, product manager at network security vendor SmoothWall, emailed these tips for those using FTP: Stop. Think. Ask hosting organizations if there is a more secure alternative, such as SFTP, for example. He also said that when using standard content management system (CMS) or forum software, keep it up to date, and be aware of new vulnerabilities. In addition, keep on top of passwords -- don't save them, unless they are encrypted, and make sure site components do not use default passwords

For its part, US-CERT, on its web page, encouraged users and administrators to apply software updates in a timely manner and use up-to-date anti-virus software to help mitigate Gumblar risks.

Related Articles
Related Topics

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.