Gumblar Introduces Change in Tactics
The operators of the Gumblar botnet and its related malware campaign keep adopting new techniques to evade detection and to prevent security experts from downloading and studying fresh variants of the malware.
According to security researchers, recent analysis of Gumblar's activity suggests that the latest variant (or one of the current variants) includes new functionality that checks, during the initial stage of infection, which country a freshly infected computer is located in, as reported by eSecurity Planet on May 5, 2010.
Security experts noted that Gumblar has been continuously infecting computers and servers for over a year now, and with a high success rate. The change in tactics suggests that the attackers are not going to sit idle. What has changed since the botnet began operating is the number of infected servers and the extra layer of servers in its malicious chain.
Vitaly Kamluk of security firm Kaspersky's Japanese office found in his latest research that the complicated Gumblar network currently consists of a minimum of 4,460 backdoored servers, as reported by Threatpost on May 4, 2010.
Kamluk further noted that, for now, the number of compromised client systems in the Gumblar network remains unknown, but it is believed to be higher than the number of compromised servers, because the server count reflects only those infected users who have their own websites and use FTP clients on compromised systems, reported The New New Internet on May 5, 2010.
» SPAMfighter News - 17-05-2010