Dan Pezet

Grumbling about Gumblar

There’s a nasty virus out there. It is especially for people who build websites. If you visit an infected site, it installs something on your computer that really just slows your computer down. It is content to eat your system resources while it waits for its real mission. It patiently waits until you ftp a file to your webserver (ftp is a program used to upload files to your web page). When it sees that you have an open ftp session, it attacks. It adds a little piece of code to the end of hundreds of files and it does all this in the background so that you will not know it. The code adds invisible links to your website so that all of your visitors will be redirected to a server somewhere in Russia.

This virus (actually malware) is called Gumblar, and thankfully, the Russian websites had been taken down, so our visitors did not get redirected to them. The worst that would have happened to any of our visitors would have been their virus protection going nuts. If you have visited churchandtea or simplycindyblog, in the past few days and did not get a virus warning, it’s time for a new antivirus program! Norton did not pick this virus up. Kaspersky did. I have spent many hours over the past few days trying to get our websites back up and running properly.

Please note, that the virus that was on this site has never been active, and has not been a threat to any visitors. Only its signature was left behind. In other words, if you visited our sites last week, you are safe 🙂

Anyway, I have now replaced every file with fresh files, and cleaned all of our custom files by hand, so I think it might be gone. It seems to have worked. I think our computers and websites are going to be better for the experience. I have beefed up security tenfold. Now I am going to start doing regular backups, too!