The Gumblar botnet is beginning to mobilize, warns researchers. ScanSafe says that a number of pages connected to Gumblar attacks in May have begun serving malware to visitors, reports V3.co.uk.
Most of the compromised sites are "mom and pop" sites in non-English-speaking countries. Attackers have a little trick for sending traffic directly to the malware hosted on those sites. Instead of infecting a single attack site, each of the compromised servers is hosting the malware on its own. Also, the botnet's operators are using a script that redirects users to a number of Web forums.