Gumblar Continues to Spread, Thousands of Sites Infected

Type threatpost
Reporter Dennis Fisher
Modified 2018-08-15T13:59:07


Months after it first appeared on the scene, the Gumblar malware continues to infect thousands of servers across the Internet and is closing in on nearly 80,000 servers pointing to the hosts that are serving the malware.

In just the last month, the number of servers redirecting users to the Gumblar malware hosts has increased in a big way. In a blog post on Viruslist, Kaspersky Lab malware analyst Michael Molsner gives the details:

We’ve now analyzed more than 600 MB
of collected data related to the recent resurrection of the Gumblar
threat. Overall, we’ve identified 2000+ Infectors (computers hosting
the malicious .php files and payload) and 76100+ ‘Redirectors’
(computers with links leading back to the malicious sites). Most
Infectors are also part of the group of Redirectors, they serve one
.php file and additionally contain the link to another Infector in
their own entry page.

Gumblar is a serious problem right now, but it’s important to note that it’s just one of several similar malware threats right now, including Zeus and Clampi.