The Gumblar attack is continuing to hit websites with new variants detected in Japan.
Mary Landesman, senior security researcher at ScanSafe, claimed she had received correspondence saying that the research on Gumblar ‘sounded very much like the GENO reports that had also been circulating in Japan. And as it turns out, indeed they were the same.’
“ScanSafe termed the compromises Gumblar because that was the name of the second stage malware domain used. Security folks in Japan termed the compromises GENO because one of the more high profile victims of the compromises in Japan apparently was a site named GENO. Unfortunately for our friends in Japan, it appears these Gumblar/GENO compromises are causing just as much headache there,” said Landesman.
ScanSafe also claimed that the infection has created a growing botnet of compromised websites: even with a dip in traffic over the weekend, the number of compromised websites grew by a further ten per cent since last Friday. This is up by a total of 246 per cent from when it first began tracking the increase just over a week ago.
The exploit has also reached the attention of US-CERT, which encouraged users and administrators to apply software updates in a timely manner and use up-to-date anti-virus software to help mitigate the risks.