Posts Comments

Recent Posts

Gumblar is back or never left

October 22, 2009 by theipsguy · Leave a Comment

ISS X-Force has raised the AlertCon to 2 because of increased Gumblar activity. Gumblar has updated the exploits it uses to take advantage of recent Adobe and Microsoft vulnerabilities. Unlike the previous version, the new and improved version hosts the exploits on the compromised web server and infects clients as they visit the website.

Microsoft October Bulletins

http://bit.ly/jg0jh

Adobe Updates

http://bit.ly/49Y6nA

IBM/ISS Signatures to detect Gumblar

http://bit.ly/18avBV

PDF_JavaScript_Exploit
PDF_Obfuscated_Stream
PDF_Encoded_JavaScript_Tag
PDF_JavaScript_Hex
PDF_JavaScript_Detected
PDF_Shellcode_Detected
Multimedia_File_Overflow
JavaScript_Obfuscation_Rue (PDF obfuscation)
Swf_Suspicious_ActionScript (Flash obfuscation)

Filed under IPS · Tagged with Intrusion re

Archives
- March 2010 (2)
- February 2010 (1)
- January 2010 (1)
- December 2009 (4)
- November 2009 (2)
- October 2009 (5)
- September 2009 (3)
- August 2009 (1)
- July 2009 (4)
Blogroll
- Blog Catalog