Author Topic: Gumblar Website Botnet Awakes  (Read 2648 times)

0 Members and 1 Guest are viewing this topic.

October 16, 2009, 02:34:56 pm
Read 2648 times


  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335


Remember last May when we suggested that Gumblar was building a botnet of compromised websites? It appears that Gumblar is now using those compromised websites as hosts for its malware.

In a typical outbreak situation, there are compromised websites that act as a conduit for malware hosted on an attacker owned site. But in this case, the malware resides on thousands of legitimate (but compromised) websites.

The path/filename of the malicious .php file on the compromised site is identical to an already existing path/filename of a legitimate and already existing file (usually .gif or some other image type).
Ruining the bad guy's day