A group program called evil being known Gumblar (JSRedir-R) spread quickly on the internet. Gumblar may hijack search results search engine on the site without the victim. (picture from

DetikINET as quoted from DarkReading, Monday (18/5/2009), researchers from ScanSafe has issued warnings about Gumblar. Collection of programs that evil comes from this website to spread quickly to the site in 2300 when more than one weekend.

Gumblar originally infection quite a few sites that popular, like and Spreading into the broad capabilities of the victim hijack search results.

"For example, users who attempt to visit through Google, may be directed to the bogus sites are very similar. There evil Trojan program will into the computer of the victim," a report ScanSafe.

Furthermore, the analysis results in ScanSafe, mentioned that the Trojan program will be able to control the victim computer Gumblar. One of the attack tactics hijack a browser that is used so that the search results on search sites like Google that lead to the desired site Gumblar.

ScanSafe says Gumblar have a lot of variation in the script used. Malicious programs can lead the victim to visit a particular site in order to increase traffic and ad sites.

Other scenarios are direct users to sites that contain other malicious programs. While the third scenario, which has not been found but is feared, is the direct users of e-commerce site or banking information for purposes such as stealing credit card numbers or online banking password. (Wicak Hidayat - detikinet)

More detail : about Gumblar
Gumblar or JSRedir-R is a trojan malware type, malicious script (script dangerous) to inject that in a website page, and will load a remote malicious content if the page is opened. R-JSRedir will redirect the users to the domain hostingnya that China is in Russia, and then using the PDF and SWF exploit akan try to install the malware detected as Troj / Daonol-fam.

Gumblar also try to redirect search results on the SERP of Google, the links on the Google SERP link will be replaced with a website that contains malicious content and fraudulent. Malcode Gumblar this can also be stolen FTP credentials of the victim computer is infected.

Gumblar can steal confidential information, passwords, financial information, personal and sensitive information from internet users, and Gumblar or JSRedir-R is able to spread six times faster than other malicious programs. So be careful for computer users and website owners, scan your computer from spyware, and then change your FTP password from the computer that if the web server is suspected of being infected by Gumblar. Do not store the password in the program you use to upload files to the server. If possible, use a secure FTP connection (SFTP), and remove malicious code from a file server, the easiest ways is to replace all the files from the server backup your files.

take from many source

Newer Post
This is the last post.


  1. hi interesting post. the group program "evil" sounds scary.

    thanks for the visit and the comment by the way.

  2. the person who created that virus is really evil.....and don't know how to use their brain properly. nice post..keep writing..

  3. Virus sebagai bentuk unjuk gigi....