|WikiProject Computer Security / Computing|
The article on Gumblar should not be deleted for a multitude of reasons. The virus is considered one of the most powerful ever encountered and was covered as such by both the Guardian and CBS news to name two sources. There are many across the web that go so far as to directly compare it to the infamous Conficker virus, which has its own page. While the information on the page is not currently a comprehensive analysis of the virus that is not because it is not worth having an article about but merely because the article has existed for a small amount of time and has not had a n oppurtunity to grow. I started the article not just to inform but also to learn, I put a medium out there so that as a community Wikipedia users can continuously update one another on the nature of the virus and ways to combat it and believe that deleting it now prevents us from learning more about and further preventing the spread of this malicious virus. -Brian Silberberg
How do you detect Gumblar? I'm using [CLAM AntiVirus], but i can't find any hint on wether or not it will detect Gumblar. Clam claims it's virus database is updated every few hours. On other pages i read Gumlar is very tough to detect. Who's had any luck with this and if so, does this deserve a place on the article? Thanks - bart —Preceding unsigned comment added by Burt777 (talk • contribs) 13:34, 13 July 2009 (UTC)
I don't have the time to update it tidily myself; but leaving 'a single file on the server' cannot cause re-infection. I've since removed that section from the wiki page.
On the server side, it's just redirect code that is added in to the users website code (mainly infecting .html, .php and .js files as well as creating .htaccess files to redirect users).
If infected files are left behind, it simply means that the website in question will continue to infect other users if they visit it whilst unprotected - it has no impact on the local server itself past that.
Furthermore, Gumblar also enables promiscuous mode on the network card - allowing it to sniff local network traffic on an unswitched network, which alongside stealing saved details - is the the other primary way it gets FTP account details.
I removed this URL from the references section:
with anchor text GATEWAY ACCESS PERMISSION SYSTEMS (GAPS). It did not link anywhere in the Gumblar article, and is spam (or worse). It was added in December 2011. The edit log shows the details. --FeralOink (talk) 01:49, 27 July 2012 (UTC)