0 Members and 1 Guest are viewing this topic.
Remember last May when we suggested that Gumblar was building a botnet of compromised websites? It appears that Gumblar is now using those compromised websites as hosts for its malware.In a typical outbreak situation, there are compromised websites that act as a conduit for malware hosted on an attacker owned site. But in this case, the malware resides on thousands of legitimate (but compromised) websites.The path/filename of the malicious .php file on the compromised site is identical to an already existing path/filename of a legitimate and already existing file (usually .gif or some other image type).
Page created in 0.047 seconds with 17 queries.