Gumblar compromises clients using 2 different exploits. The first is a Adobe Acrobat PDF exploit CVE-2008-2992 and the second is a Adobe Flash exploit. Unfortunately I haven’t been able to figure out which Flash exploit is employed as decoding flash is not an expertise of mine.
Here is the Wepawet output of the exploit script employed [...]
|
|||||
|
I first found out about Gumblar a couple days ago via one of Scan Safe’s blog posts. Responsible for 42% of “all malicious infections found on websites” (Sophos) during a 7 day period, Gumblar (JSRedir-R) has been extremely effective at propagating. Many bloggers have been focusing on the script involved in the attack, not so [...] |
|||||
|
Copyright © 2010 Andrew Martin - All Rights Reserved |
|||||