Author Topic: Virus advice  (Read 151 times)
Summer Wine
« on: February 24, 2010, 09:34:28 AM »

From the Noble Realms site which just got hacked

The compromise bears all the hallmarks of a trojan/virus called Gumblar, or is
very similar. More details can be found via Google
(http://www.google.co.uk/search?q=gumblar). As this is something that has
happened because of security issues on customers' computers, we have put
together a reference sheet below, which also contains some advice and tips on
securing your PC.

How trojans work:
-----------------
- user visits a site that has been exploited and downloads a trojan
  from the host sites
- trojan exploits vulnerabilities in unpatched software, especially
  Acrobat Reader and Flash Player
- looks for FTP details in software eg Dreamweaver etc
- hooks into web browser and modifies Google results to modify URLs
  to infected sites
- looks for any html/php/css/js files and adds its code to them ready
  for upload
- changes file/folder permissions if available
- sends any FTP details found to a master server for distribution

Fixes/Tips:
-----------
- run Microsoft Update to update your copy of Windows
- update Acrobat Reader and Flash Player immediately, both available
  from http://www.adobe.com. Gumblar targets these programs directly to
  exploit known security holes
- update all your software. Secunia PSI (http://secunia.com/PSISetup.exe)
  will help identify out-of-date software and offer solutions
- update and run AV software across all drives immediately
- don't store FTP details in any software
- manually edit any local web site files to remove malicious code
- check and remove any numerical files eg 63547.php or any image.php
  files that seem to be suspect
- log in to CP and change any and all passwords to secure randomised
  ones. If you need to keep them, write them on paper. Do not store them
  in the FTP software
- download and patch any 3rd party scripts eg Joomla, Wordpress etc
- reupload clean code
- make sure permissions are maximum 755 (folders) and 644 (files)
- It may be a good idea to also use the vulnerability scanner at the link
  below to make sure that all commonly targeted applications installed on your PC
  are up to date.
http://secunia.com/vulnerability_scanning/online/


What to do next:
----------------
We recommend that you keep FTP access disabled until you next need to upload
files, then disable it again when you have finished.
 
We also recommend passwords of at least 8 characters, which contain a mix of
upper- and lower-case letters, numbers and symbols, similar to the password
that we have randomly created for you in this email.

Remember to change the password in your email clients as well so that you can
continue to access your mailbox for the username nobledreams.co.uk

Should you have any questions about this issue, please do not hesitate to
contact us, and we will be happy to provide more information or assistance as
required.

Regards

Namesco Technical Support Team
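
The file-name and permission checks from the Fixes/Tips list, as an added Python example that is not part of the original post or the Namesco email. It assumes "maximum 755 (folders) and 644 (files)" means no permission bits beyond those masks; `audit_site` is a hypothetical name, and the function only reports findings without changing anything.

```python
import os
import re
import stat

# File names the checklist calls out: all-digit PHP files (e.g. 63547.php)
# and image.php. Matching is by name only; contents still need manual review.
NUMERIC_PHP = re.compile(r"^\d+\.php$", re.IGNORECASE)
MAX_DIR_MODE = 0o755   # assumption: no bits beyond rwxr-xr-x on folders
MAX_FILE_MODE = 0o644  # assumption: no bits beyond rw-r--r-- on files


def audit_site(root):
    """Walk a local copy of a site; return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode says nothing about its target
            is_dir = stat.S_ISDIR(st.st_mode)
            mode = stat.S_IMODE(st.st_mode)
            limit = MAX_DIR_MODE if is_dir else MAX_FILE_MODE
            if mode & ~limit:
                # Some bit is set that the maximum does not allow
                # (e.g. group/world write, or execute on a plain file).
                findings.append((rel, f"mode {mode:03o} exceeds {limit:03o}"))
            if not is_dir:
                if NUMERIC_PHP.match(name):
                    findings.append((rel, "numeric PHP filename"))
                elif name.lower() == "image.php":
                    findings.append((rel, "image.php, review by hand"))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, reason in audit_site(target):
        print(f"{path}: {reason}")
```

Run it against the local copy of the site before re-uploading; a legitimate `image.php` will also be listed, so treat each hit as something to inspect rather than delete.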