Gumblar; it sounds like a nasty infection and is indeed - although not a human one thankfully! It's a very tricky malicious piece of computer code that attacks and infects unsuspecting websites and their users. In other words, if your website or computer is infected with Gumblar, you've been hacked.
Gumblar - A Warning! This post is written both as a warning and in the hope it will help anyone who uses the internet as either a source of information or income.
So why am I writing about it?
Because it got me, or to be more precise it got my website, that's why!
I noticed over the last couple of weeks that visitor numbers to my website, www.BreastfeedingMums.com had plummeted. So had my Google earnings which help pay the hosting bills as well as other expenses I incur, not to mention my wages!
Anyway, I also realised my laptop was running incredibly slowly and then last week anytime I did a google search although the search results appeared appropriate, I was finding myself ending up on completely different sites to those I'd clicked on! Not only was it very frustrating but more than a little bit confusing and time-consuming.
I kept getting a message popping up telling me my McAfee protection was not fully functional and needed to be re-installed. However, I couldn't get onto the McAfee site from any of our computers as gumblar was somehow blocking it on me. That was really worrying.
I tried doing online searches to finding out how to check if my computer was infected but no matter what programmes I used to try to detect or clean up the problem nothing seemed to either detect any serious problems or sort them out.
Fortunately my husband is a programmer and even though he was baffled as to how it happened he was pretty sure something had got into the system somehow. He asked a guy in work who deals with security problems in the world of computers for some advice and as he'd suspected he said if all else failed we'd have to wipe the hard-drive completely after backing up anything we wanted to keep such as photos, movies or important documents.
At this point remember we still didn't know what was actually going on. However, by chance when using Google Chrome as my browser I noticed Google was placing the following message on a big red page before people could access my site:
Warning: Visiting this site may harm your computer!
The website at www.breastfeedingmums.com contains elements from the site gumblar.cn, which appears to host malware - software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
Now that was scary... but thankfully it was also telling us what the problem was. I also noticed that several pages I tried to visit were being automatically re-directed to this gumblar . cn.
I did a few searches and what I read shocked me.
Basically gumblar is attacking thousands of websites a week and redirecting their traffic to sites they are running plus users of infected websites may be unwittingly infecting their own computers potentially risking their online security, thus making their secure details available to criminals.
What did we do to get rid of it?
Well, I spent hours on Friday evening going through every single page on BreastfeedingMums.com (all 800+) removing strange code that I hadn't placed there. Somehow the people behing gumblar had managed to get a hold of my passwords and make changes to the code. Funnily enough last week I had noticed lots of strange numbers and digits and unusual blocks of text in the code when using our upstairs pc but because I don't know that much about coding I assumed it was because I was using Dreamweaver upstairs on the pc instaed of on my usual laptop which by now was unusable. However by reading some info about gumblar online I recognised the code for what it was and set about deleting it.
Shockingly almost every page on the site was infected.
Not only that but a lot of the scripts I was using on parts of the site were also infected.
Between me and my husband we spent the entire weekend cleaning up the site, removing scripts and replacing the infected code with clean code. We also had to contact our internet service and hosting providers and change our passwords a few times. Then we had to wipe the hard-drive clean and re-install Windows and all the other programmes I have discs for. We then had to re-upload the site and let Google know it was clean.
The scary thing is we don't actually know how gumblar made its way into our lives. We're very careful not to download material from sources we're suspicious of and we're extra careful about making sure we have plenty of security on our computers. The only thing I can think is that the children have clicked on something that popped up whilst they were playing on one of the sites they use. (As a consequence the children are banned from my laptop forever!)
Or perhaps I visited an infected site and it got onto my computer and infected it and the website that way. After all, it was only Google Chrome that warned me about the problem and until last week I predominantly used Internet Explorer and sometimes Firefox. I think I know which browser I'll be using in future!
How long did it take to clean things up?
In all it took an entire three days to ensure both the the website and my laptop were clean once we knew what the problem was. There were also countless days wasted trying to remove any suspicious stuff that may have been lurking on my computer prior to finding out what the problem actually was.
We still have to check the other laptop and pc for problems but for now they seem to be okay.
In addition we still have to wait for google to check it out and remove the big red warning signs that are scaring all my site visitors away!!!!
For goodness sake, warn everyone in your family and workplace about this problem as all too often by the time it's discovered a lot of damage has been done. Many people aren't yet aware of gumblar and the damage it can do.
Warn everyone you know not to download programmes that seem to be offering things that seem too good to be true. Don't open email attachments from people you don't know and that includes forwarded stuff from friends unless you trust them to be as careful as you are.
Finally, if your secrrity protection is about to expire, renew it and if it warns you something is amiss take action immediately.
I'm lucky in that I didn't have to pay anyone to clean up the mess gumblar made of my laptop and website. But just imagine how much it would have cost had I to pay a professional to do what my husband did. However, it did cost me a nd my husband a fortune in terms of lost visitors to the website, lost income and a lost family weekend together...
Take Care and if you have any advice for others about how to deal with gumblar please feel free to add it to the comments section below. Thanks.
PS. One good thing that came out of it all is that I got rid of so much junk on my laptop that it's running like a brand new machine now and that's something I never would have got around to otherwise ;)