Gumblar.cn
Gumblar.cn was the first domain discovered that was creating and managing the Gumblar attack. Gumblar.cn has now been closed down, as has the next in line, but it is thought that the virus makers have a whole host of domains and servers to utilise. To put simply, Gumblar steals FTP passwords from web designers and site managers, then uses them to connect to website servers, and edit .html .php and .js pages. It targets index files as well as creating files in image directories, and even modifies webalizer and awstats files given the chance. These are likely to be the backdoors.
Once Gumblar has infected a webserver, the website on that server becomes a carrier, and spreads the virus to new computers. Anyone browsing an infected website can pick up the virus. It utilises vulnerabilities in Adobe Flash and Adobe Reader in order to install itself on a PC.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.