You may have heard that there’s a nasty PC worm making the rounds on the web, called Gumblar.cn, or more recently, Martuz.cn. This worm can infect your computer by your merely viewing an infected website – no clicking necessary, also known as a “drive-by” infection.
Users of Internet Explorer are particularly vulnerable, but all PC users need to immediately update their anti-virus applications and do a full system scan.
The worm is rapidly affecting thousands of legitimate websites. It’s “drive-by” delivery can go unnoticed by even the savviest computer users (I have been impacted as well – as some of you know). It was also reported that large sites including Tennis.com, Variety.com and Coldwellbanker.com were affected.
What does Gumblar/Martuz do?
If your PC is infected, your Google search results will be corrupted, replaced with links that point to malicious and fraudulent sites. This will be difficult or impossible to notice visually. In addition, it looks for FTP (web server) passcodes, which it will use to infect other websites.
How to prevent getting Gumblar/Martuz?
1. Make absolutely sure your anti-virus is running and completely up-to-date. You should have it on all the time, to allow it to update virus definitions continuously.
2. As a precaution, change your passwords for websites – especially if you use FTP (File Transfer Protocol) to access a webserver. The widely-used open-source FileZilla FTP application seems to be especially vulnerable.
3. It has been reported that vunerabilities in Adobe Reader and Flash Player that are being exploited in the attack. It is recommended that users disable JavaScript in Adobe Reader (or Acrobat) and to upgrade to the latest version of Flash Player.
4. Firefox users, when attempting to view an infected site, will get a stark “Reported Attack Site” warning. Don’t click “ignore this warning” and view the site anyway.
5. Known infected websites will be displayed as “harmful to your computer” in Google search results. Don’t click through.
What to watch for…
Weird search results or unexpected click-thru destinations. If something seems weird, it is. Update and run your anti-virus scan.
For more information, check out these links:
- http://news.cnet.com/8301-1009_3-10244529-83.html
- http://blog.scansafe.com/journal/2009/5/14/gumblar-qa.html
- http://news.zdnet.com/2100-9595_22-303166.html
I hope this is helpful!
