Chuck Miller = May 21, 2009

A number of security organizations are offering tips to deal with the Gumblar drive-by exploit, which is growing ever more pervasive.

Gumblar has spread rapidly because malicious JavaScript on compromised sites seems to be dynamically generated. That is, it can be different on every site, or even every page on a site.

“This is just the most recent example of legitimate sites being exploited to spread malware,” Samantha Madrid, a Cisco security product manager, told SCMagazineUS.com on Thursday. “What is unique to Gumblar is that it uses a multi-phased approach to propagate itself. It does not just deliver malware to the end-user.”

To deal with the problem, Cisco offers five tips to enterprises and web sites to deal with the problem: Make sure security protection is implemented for web servers and web applications. Also, educate and alert users to pay attention to pop-ups that warn them if they're about to proceed to a questionable site. In addition, it is important to include client-side protection to establish a layered defense.

Spotted here