Virus/Worm detected: JS/Gumblar.gen Protocol: "http" Source IP: 10.1.111.54 Destination IP: 203.216.247.249 Email Address From: "N/A" Email Address To: "N/A" http://www.fortinet.com/ve?vn=JS%2FGumblar.gen
2010-01-09 08:42:15 device_id=FG100C3G09602750 log_id=0211060000 type=virus subtype=infected pri=warning vd=root policyid=1 serial=22061480 user="N/A" group="N/A" src=10.1.111.54 sport=1257 src_int="switch" dst=203.216.247.249 dport=80 dst_int="wan1" service="http" status=blocked virus="JS/Gumblar.gen" url="http://www.yahoo.co.jp/" ref="http://www.fortinet.com/ve?vn=JS%2FGumblar.gen" msg="File is infected." また、週末FortiGateのログを確認したところ多数のHPでガンブラーを検出していました。本当だろうか・・・
- youtube.com
2010-01-09 09:33:30 device_id=FG100C3G09602750 log_id=0211060000 type=virus subtype=infected pri=warning vd=root policyid=1 serial=22063830 user="N/A" group="N/A" src=10.1.111.55 sport=1197 src_int="switch" dst=66.249.89.113 dport=80 dst_int="wan1" service="http" status=blocked virus="JS/Gumblar.gen" url="http://www.youtube.com/watch?v=DFtvOKXP-MQ" ref="http://www.fortinet.com/ve?vn=JS%2FGumblar.gen" msg="File is infected."
- microsoft.com
2010-01-09 08:55:18 device_id=FG100C3G09602750 log_id=0211060000 type=virus subtype=infected pri=warning vd=root policyid=1 serial=22061875 user="N/A" group="N/A" src=10.1.111.54 sport=1143 src_int="switch" dst=63.150.131.147 dport=80 dst_int="wan1" service="http" status=blocked file="broker.js" virus="JS/Gumblar.gen" url="http://js.microsoft.com/library/svy/broker.js" ref="http://www.fortinet.com/ve?vid=1409025" msg="File is infected."
- infoseek.co.jp
2010-01-09 09:15:24 device_id=FG100C3G09602750 log_id=0211060000 type=virus subtype=infected pri=warning vd=root policyid=1 serial=22062880 user="N/A" group="N/A" src=10.1.111.27 sport=1241 src_int="switch" dst=203.190.61.189 dport=80 dst_int="wan1" service="http" status=blocked file="recept.js" virus="JS/Gumblar.gen" url="http://hotspot.infoseek.co.jp/ths_banner/recept.js" ref="http://www.fortinet.com/ve?vid=1409025" msg="File is infected."
- excite.co.jp
Virus/Worm detected: JS/Gumblar.gen Protocol: "http" Source IP: 10.1.111.27 Destination IP: 210.128.66.234 Email Address From: "N/A" Email Address To: "N/A" http://www.fortinet.com/ve?vn=JS%2FGumblar.gen
2010-01-09 09:24:27 device_id=FG100C3G09602750 log_id=0211060000 type=virus subtype=infected pri=warning vd=root policyid=1 serial=22063370 user="N/A" group="N/A" src=10.1.111.27 sport=1180 src_int="switch" dst=210.128.66.234 dport=80 dst_int="wan1" service="http" status=blocked virus="JS/Gumblar.gen" url="http://www.excite.co.jp/world/english/" ref="http://www.fortinet.com/ve?vn=JS%2FGumblar.gen" msg="File is infected."
- adobe.com
Virus/Worm detected: JS/Gumblar.gen Protocol: "http" Source IP: 10.1.111.55 Destination IP: 192.150.8.45 Email Address From: "N/A" Email Address To: "N/A" http://www.fortinet.com/ve?vn=JS%2FGumblar.gen
2010-01-09 09:32:48 device_id=FG100C3G09602750 log_id=0211060000 type=virus subtype=infected pri=warning vd=root policyid=1 serial=22063775 user="N/A" group="N/A" src=10.1.111.55 sport=1172 src_int="switch" dst=192.150.8.45 dport=80 dst_int="wan1" service="http" status=blocked virus="JS/Gumblar.gen" url="http://get.adobe.com/jp/flashplayer/" ref="http://www.fortinet.com/ve?vn=JS%2FGumblar.gen" msg="File is infected."
感染しているか不安な方は、トレンドマイクロのオンラインスキャンでチェックしてみましょう。
0 件のコメント:
コメントを投稿