Web Attack: Gumblar Command and Control Redirect

Severity: Medium

This attack could pose a moderate security threat. It does not require immediate action.

Description

You have attempted to visit a known malicious IP address. Visiting this web site could potentially put you at risk of becoming infected. Symantec's Network Threat Protection solution has prevented any potential infection attempts from occurring. You should not have to take any additional actions and are safe from infection. It is recommended that you do NOT visit this site.

Additional Information

You have been prevented from accessing a known malicious IP address. It is recommended that you do NOT visit this site.

This protection prevents access to potentially malicious IP addresses that are known to be associated with malware, viruses, and misleading applications such as fake antivirus or fake codecs. You should not have to take any additional actions as you have been prevented from visiting the malicious IP address. Symantec's Network Threat Protection solution has prevented any potential infection attempts from occurring.

Users can be silently infected just by visiting a web site, through attacks known as drive-by downloads, or through social engineering attacks in which misleading applications attempt to trick users into installing fake antivirus solutions or fake video players.

For more information on social engineering attacks using FakeAV, see:

http://www.symantec.com/business/security_response/writeup.jsp?docid=2007-101013-3606-99

Misleading applications intentionally misrepresent the security status of a computer. Misleading applications attempt to convince the user that he or she must remove potential malware or security risks (usually nonexistent or fake) from the computer. The application will hold the user hostage by refusing to allow him or her to remove or fix the phantom problems until the 'required' software is purchased and installed. Misleading applications often look convincing - the programs may look like legitimate security programs and often have corresponding websites with user testimonials, lists of features, etc.

Affected

  • All Products

Response

No additional steps are needed. Symantec's Network Threat Protection solution has prevented any potential infection attempts from occurring.