The IPS Guy » Intrusion re

The IPS Guy » Intrusion re http://theipsguy.com Intrusion Prevention/Detection technologies. Thu, 19 Aug 2010 17:25:29 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 Gumblar is back or never left http://theipsguy.com/gumblar-is-back-or-never-left/ http://theipsguy.com/gumblar-is-back-or-never-left/#comments Thu, 22 Oct 2009 19:48:10 +0000 theipsguy http://theipsguy.com/?p=90

ISS X-Force has raised the AlertCon to 2 because of increased Gumblar activity. Gumblar has updated the exploits it uses to take advantage of recent Adobe and Microsoft vulnerabilities. Unlike the previous version, the new and improved version hosts the exploits on the compromised web server and infects clients as they visit the website.

Microsoft October Bulletins

http://bit.ly/jg0jh

Adobe Updates

http://bit.ly/49Y6nA

IBM/ISS Signatures to detect Gumblar

http://bit.ly/18avBV

PDF_JavaScript_Exploit
PDF_Obfuscated_Stream
PDF_Encoded_JavaScript_Tag
PDF_JavaScript_Hex
PDF_JavaScript_Detected
PDF_Shellcode_Detected
Multimedia_File_Overflow
JavaScript_Obfuscation_Rue (PDF obfuscation)
Swf_Suspicious_ActionScript (Flash obfuscation)

]]> http://theipsguy.com/gumblar-is-back-or-never-left/feed/ 0