Experts in Australia have discovered that the Gumblar botnet, which first appeared on the web in May, has come back to life and is pumping out spam. Gumblar started its life as malware that attacked websites. It searched for FTP details stored on or typed into the infected site and used them to log into the site's server and conduct an injection attack using a hidden iFrame. The malicious iFrame infected the machines of anyone who visited the site, and the malware then went on to infect any site those machines logged into via FTP.
Michael McGoogan, chief executive of AussieHQ, reported that since Wednesday of this week, he has seen a “massive resurgence in infections.”
Gumblar has morphed itself many times and has become far more aggressive. The Gumblar exploit now appears to be at a stage two. It is now facilitating additional file uploads. Once it breaks in, either the initial attacker or third parties are gaining access to those files and using them to send out spam.”
When it first hit in May, Gumblar was responsible for 42% of all infections found on websites. It's not yet known exactly what caused this revival: it could have been planned, or the machines that make up the botnet could have been taken over by another cybergang.
Experts advise consumers to keep their anti-virus and anti-malware solutions up to date and to run regular scans. Webhosts are advised to keep an eye out for suddenly increasing server loads and to have a solid spam filter in place.


