A number of security organizations are offering tips to deal with the Gumblar drive-by exploit, which is growing ever more pervasive.
“This is just the most recent example of legitimate sites being exploited to spread malware,” Samantha Madrid, a Cisco security product manager, told SCMagazineUS.com on Thursday. “What is unique to Gumblar is that it uses a multi-phased approach to propagate itself. It does not just deliver malware to the end-user.”
To deal with the problem, Cisco offers five tips to enterprises and web sites to deal with the problem: Make sure security protection is implemented for web servers and web applications. Also, educate and alert users to pay attention to pop-ups that warn them if they’re about to proceed to a questionable site. In addition, it is important to include client-side protection to establish a layered defense. Organizations also should install gateway security that is capable of drilling down into every internet access request. And make sure perimeters are secured with auditable firewalls.
Other researchers have added their own advice. Brian Monkman, web application firewall program manager for ICSA Labs, a testing and certification lab, put together a few tips in an email to SCMagazineUS.com. He explained that the biggest threat is the targeting of web servers that can be compromised to become a host, thus a properly configured web application firewall will mitigate against the threat. He also said that added protection is easily realized by disabling FTP access. Also, its vital that organizations should remind end-users of basic security principles regarding passwords and immediately force password changes. And any exchange of credentials should be done using encryption (HTTPS), never in the clear.
Tom Newton, product manager at network security vendor SmoothWall, emailed these tips for those using FTP: Stop. Think. Ask hosting organizations if there is a more secure alternative, such as SFTP, for example. He also said that when using standard content management system (CMS) or forum software, keep it up to date, and be aware of new vulnerabilities. In addition, keep on top of passwords — don’t save them, unless they are encrypted, and make sure site components do not use default passwords
For its part, US-CERT, on its web page, encouraged users and administrators to apply software updates in a timely manner and use up-to-date anti-virus software to help mitigate Gumblar risks.