Friday, October 23, 2009

The Return and Evolution of Gumblar


So the new wave of Gumblar attacks is starting to come in at an alarming rate. From where I sit, it is just as effective as any previous wave in terms of the number of new compromises I have seen from this highly successful trend. Gumblar, using currently exploitable vulnerabilities in Adobe products, has made an impressive comeback after being quiet for a few weeks. Attacking the local workstations of web developers and site managers, the malicious software installs a credential-sniffing application that looks for FTP login information and forwards this vital data to a destination of the attacker's choosing.
The new wave has evolved, placing the malicious JavaScript locally on the web server, which makes it more elusive and harder for the conventional user to detect. It also looks like the evolution is continuing, with all malicious links now pointing to legitimate websites that were themselves infected with the malicious payload, which helps fool both the user and detection services such as Google Safe Browsing. To me this is a huge step in the evolution of this malicious trend. With the success of these attacks, you start to realize that this particular kind of attack is not going to disappear any time soon, especially with new browser protection features such as the Content Security Policy being implemented.
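Because the injected loader lives on the site's own server and points at legitimate-looking hosts, reputation lists give a defender little to go on; the more reliable signal is that the site's files changed without a deployment. The following is an added example of that approach and is not code from the original post: it baselines a web root with file hashes, then reports any changed HTML/PHP/JS file together with the script hosts it references that are not the site's own. The hostnames and files in `demo()` are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

SCRIPT_SRC_RE = re.compile(r'<script[^>]*\bsrc\s*=\s*["\']([^"\']+)["\']', re.I)
HOST_RE = re.compile(r'^(?:https?:)?//([^/:?#]+)', re.I)

def build_manifest(webroot: Path) -> dict:
    """Hash every file under webroot while the site is known-good."""
    return {str(p.relative_to(webroot)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in webroot.rglob("*") if p.is_file()}

def changed_files(webroot: Path, manifest: dict) -> list:
    """Files whose hash differs from the manifest, or that the manifest lacks."""
    current = build_manifest(webroot)
    return sorted(rel for rel, h in current.items() if manifest.get(rel) != h)

def external_script_hosts(html: str, own_hosts: set) -> list:
    """Hosts named in <script src> that are not the site's own. Host reputation is
    deliberately not consulted: 'not ours' is the only signal that survives."""
    hosts = []
    for src in SCRIPT_SRC_RE.findall(html):
        m = HOST_RE.match(src.strip())
        if m and m.group(1).lower() not in own_hosts:
            hosts.append(m.group(1).lower())
    return hosts

def scan(webroot: Path, manifest: dict, own_hosts: set) -> dict:
    """Map each changed web file to the foreign script hosts it now references."""
    findings = {}
    for rel in changed_files(webroot, manifest):
        p = webroot / rel
        if p.suffix.lower() in {".html", ".htm", ".php", ".js"}:
            findings[rel] = external_script_hosts(p.read_text(errors="replace"), own_hosts)
    return findings

def demo() -> dict:
    """Constructed sample: baseline a clean site, then append a loader tag to one page."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.html").write_text('<html><script src="/js/site.js"></script></html>')
        (root / "about.html").write_text("<html><p>about</p></html>")
        manifest = build_manifest(root)
        # Simulated post-compromise edit; the host below is hypothetical, not from the post.
        with (root / "index.html").open("a") as f:
            f.write('<script src="http://compromised-legit-site.example/x.js"></script>')
        return scan(root, manifest, own_hosts={"www.example.com"})
```

Run the manifest build from a clean deployment and the scan from a cron job or after every FTP session; a non-empty result is worth a look regardless of how reputable the referenced host appears.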

I was going to provide a list of all recent domains that the attackers are using; however, they are legitimate sites, and unless I point to the actual malicious script, it would be useless.

In a quick closing, my steps to help prevent this particular type of attack still stand (LINK).
