Gumblar Detection

Discussion in 'ESET NOD32 Antivirus' started by BeanCounter, Aug 6, 2009.

Thread Status:
Not open for further replies.
  1. BeanCounter

    BeanCounter Registered Member

    Joined:
    Apr 8, 2006
    Posts:
    66
    Location:
    Melbourne, Australia
    Does NOD32 detect Gumblar, adsttnmq1 attack and variants? If so when was the detection introduced?
     
  2. Rmuffler

    Rmuffler Former Eset Moderator

    Joined:
    Jun 26, 2008
    Posts:
    995
    Location:
    San Diego, CA USA
    Hello BeanCounter,

    We have added detection for Gumblar in update 4253.

    Thank you,
    Richard
     
  3. The Chez

    The Chez Registered Member

    Joined:
    Aug 8, 2009
    Posts:
    32
    Just make sure you scan after the update if you suspect infection ;)
     
  4. volvic

    volvic Registered Member

    Joined:
    Aug 17, 2009
    Posts:
    220
    What about the other things the OP asked about?
     
  5. BeanCounter

    BeanCounter Registered Member

    Joined:
    Apr 8, 2006
    Posts:
    66
    Location:
    Melbourne, Australia
    good point. Are adsttnmq1 and gumblar the same, variations of the same or something completely different?
     
  6. BeanCounter

    BeanCounter Registered Member

    Joined:
    Apr 8, 2006
    Posts:
    66
    Location:
    Melbourne, Australia
    Someone in another forum came up with this:

    http://www.esuli.it/index.php/2009/03/24/adsttnmq1sdioyslkjs2-attack/

    excerpts from the above:

    "it seems that the problem is not related to the specific software used by the site but to the hosting management platform used by the provider"

    and

    "It is not a DoS attack, the website is not the real target of the attack. The attacked website is just a tool to alter the relevance of words in the Web. The attacker’s interest is that the attacked website continues working without visible alterations."

    Obviously different from gumblar and this explains why none of the PC-oriented AV products seem to be aware of it since PCs are not affected by it.
     
Thread Status:
Not open for further replies.