Adobe product exploits on your local computer can compromise your servers - X Nations
      
      
Go Back   X Nations > X Nations > General Webmaster Business and Discussions

Reply
 
Thread Tools Display Modes
Old 05-30-2009, 11:51 AM   #1
Brad Mitchell
Brad Mitchell should edit this
Integrity and Innovation
 
Join Date: Aug 2002
Location: Michigan
Posts: 103
xBucks: 4,623
Send a message via ICQ to Brad Mitchell
Exclamation Adobe product exploits on your local computer can compromise your servers

I have just sent this to all of our customers and wanted to bring the exploit to the whole community's attention as this is something that can affect everyone at all hosts. Best wishes to all and enjoy your weekend.



Dear Clients,

We have caught something early and fortunately, for 99% of you, this will likely mean that you have not been a victim yet. To give this scenario perspective, in the last week we have identified approximately 3 clients where in the final analysis it was determined this exploit of client side software has been the culprit.

If you are not running the most recently patched versions of Adobe Acrobat and Adobe Flash Player you are at risk for compromising your web sites. A recently discovered vulnerability in this software which runs locally on your computer can lead to malware stealing your FTP credentials with the potential for much more. This poses a significant security risk to your server and web sites, leading to attackers using client FTP credentials to deface web sites and insert malicious code which can exploit things further. Below is a description of the risk from the United States Computer Emergency Readiness Team.

Here are two quick links to update your versions:
http://get.adobe.com/flashplayer/
http://get.adobe.com/reader/

Lastly, please be sure that you are up to date with good antivirus software on your local computer. If you discover by surfing any of your web sites that they have been affected, please enter a support ticket and our team can help to mitigate any damage done and issue new FTP/other credentials. It is crucial that your local software and virus protection be up to date and this unexpected exploit of everyday software is a lesson to everybody about just how fragile things truly can be.

---------------------------------------------------------------------
Information as published on: http://www.us-cert.gov/current/

Gumblar Malware Exploit Circulating
added May 18, 2009 at 12:47 pm

US-CERT is aware of public reports of a malware exploit circulating. This is a drive-by-download exploit with multiple stages and is being referred to as Gumblar. The first stage of this exploit attempts to compromise legitimate websites by injecting malicious code into them. Reports indicate that these website infections occur primarily through stolen FTP credentials but may also be compromised through poor configuration settings, vulnerable web applications, etc. The second stage of this exploit occurs when users visit a website compromised by Gumblar. Users who visit these compromised websites and have not applied updates for known PDF and Flash Player vulnerabilities may become infected with malware. This malware may be used by attackers to monitor network traffic and obtain sensitive information, including FTP and login credentials, that can be used to conduct further exploits. Additionally, this malware may also redirect Google search results for the infected user.

US-CERT encourages users and administrators to apply software updates in a timely manner and use up-to-date antivirus software to help mitigate the risks.

US-CERT will provide additional information as it becomes available.
---------------------------------------------------------------------


Sincerely,

Brad Mitchell, CEO
MojoHost
888-345-MOJO Toll Free
248-233-2045 International
ICQ #56950199
__________________
Owner, MojoHost | brad@mojohost.com
Toll Free 888-345-MOJO x801 | ICQ #56950199
Brad Mitchell is offline   Reply With Quote
Old 06-01-2009, 01:22 PM   #2
Itchy
Itchy is hardcore
4:20 Freak
 
Itchy's Avatar
 
Join Date: Sep 2004
Location: Chilliwack
Posts: 587
xBucks: 22,259
Send a message via ICQ to Itchy
Default

Thanks just updated both !
__________________

www.datetronix.com

itchy||@||datetronix.com
Skype: Pornocop
ICQ: 2588560
Itchy is offline   Reply With Quote
Old 06-01-2009, 03:26 PM   #3
Nikki_Licks
Nikki_Licks should edit this
Citizen X
 
Nikki_Licks's Avatar
 
Join Date: Dec 2008
Location: Phoenix, Arizona
Posts: 34
xBucks: 1,223
Default

I have run NOD32 for a couple of years now and the other day I was prompted to renew my antivirus...I procrastinated for a few days and ended up getting hit with this malware. Damn!!!
I was able to get in and stop the timer that constantly rebooted my system so I could move valuable info to external HD's.
Today we will be reformatting....This stuff sucks for sure.
__________________
Exclusive Amateur Content
ICQ: 292 356 077 | Email: admin@customcontentshooter.com| WhosWho|
Nikki_Licks is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Forum Jump

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
vBCredits v1.4 Copyright ©2007 - 2008, PixelFX Studios
2013 - xnations.com
All times are GMT -4. The time now is 09:41 PM.
Skin by vBCore.com