Talk:Gumblar

Computer Security: Computing Low‑importance

This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles

Low

This article has been rated as Low-importance on the project's importance scale.

This article is supported by WikiProject Computing.

Things you can help WikiProject Computer Security with:

Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information...

Answer question about Same-origin_policy
Review importance and quality of existing articles
Identify categories related to Computer Security
Tag related articles
Identify articles for creation (see also: Article requests)
Identify articles for improvement
Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc.
Find editors who have shown interest in this subject and ask them to take a look here.

Comments[edit]

The article on Gumblar should not be deleted for a multitude of reasons. The virus is considered one of the most powerful ever encountered and was covered as such by both the Guardian and CBS news to name two sources. There are many across the web that go so far as to directly compare it to the infamous Conficker virus, which has its own page. While the information on the page is not currently a comprehensive analysis of the virus that is not because it is not worth having an article about but merely because the article has existed for a small amount of time and has not had a n oppurtunity to grow. I started the article not just to inform but also to learn, I put a medium out there so that as a community Wikipedia users can continuously update one another on the nature of the virus and ways to combat it and believe that deleting it now prevents us from learning more about and further preventing the spread of this malicious virus. -Brian Silberberg

How do you detect Gumblar? I'm using [CLAM AntiVirus], but i can't find any hint on wether or not it will detect Gumblar. Clam claims it's virus database is updated every few hours. On other pages i read Gumlar is very tough to detect. Who's had any luck with this and if so, does this deserve a place on the article? Thanks - bart —Preceding unsigned comment added by Burt777 (talk • contribs) 13:34, 13 July 2009 (UTC)[reply]

I don't have the time to update it tidily myself; but leaving 'a single file on the server' cannot cause re-infection. I've since removed that section from the wiki page.

On the server side, it's just redirect code that is added in to the users website code (mainly infecting .html, .php and .js files as well as creating .htaccess files to redirect users).

If infected files are left behind, it simply means that the website in question will continue to infect other users if they visit it whilst unprotected - it has no impact on the local server itself past that.

Furthermore, Gumblar also enables promiscuous mode on the network card - allowing it to sniff local network traffic on an unswitched network, which alongside stealing saved details - is the the other primary way it gets FTP account details.

81.17.243.212 (talk) 14:39, 13 August 2009 (UTC)[reply]

The latest version is encoded by Zend Encoder, making it harder to detect or analyse. —Preceding unsigned comment added by 213.208.116.72 (talk) 09:13, 28 January 2010 (UTC)[reply]

Removed a strange and irrelevant link[edit]

I removed this URL from the references section:

hxxp://www.glocalizationbiz.com/advanced_search_result.php?keywords=GAPS&Submit.x=8&Submit.y=7&Submit=Submit/

with anchor text GATEWAY ACCESS PERMISSION SYSTEMS (GAPS). It did not link anywhere in the Gumblar article, and is spam (or worse). It was added in December 2011. The edit log shows the details. --FeralOink (talk) 01:49, 27 July 2012 (UTC)[reply]