Malware Domain List

Malware Related => Tools of the trade / Internet News => Topic started by: SysAdMini on October 16, 2009, 02:34:56 pm

Title: Gumblar Website Botnet Awakes
Post by: SysAdMini on October 16, 2009, 02:34:56 pm


Remember last May when we suggested that Gumblar was building a botnet of compromised websites? It appears that Gumblar is now using those compromised websites as hosts for its malware.

In a typical outbreak situation, there are compromised websites that act as a conduit for malware hosted on an attacker owned site. But in this case, the malware resides on thousands of legitimate (but compromised) websites.

The path/filename of the malicious .php file on the compromised site is identical to an already existing path/filename of a legitimate and already existing file (usually .gif or some other image type).