Researchers at ScanSafe have recorded renewed activity from Gumblar, a multifunctional piece of malware that infects PCs when they visit compromised web pages. Among its features, Gumblar can steal FTP credentials and even hijack Google search results, replacing the results shown on infected PCs with links to other sites hosting malicious content.
When it was identified in March 2009, Gumblar was found to fetch its instructions from a server at gumblar.cn, a domain that was disabled at the time but came back online last Friday (6/11), according to a comment posted on the ScanSafe blog by researcher Mary Landesman.
Sites infected with this malware carry an iframe, an element that embeds content from one site inside another. Malware developers are able to make these iframes invisible. When a victim visits an infected page, the iframe loads instructions stored on a server that attempt to compromise the machine making the request.
Gumblar then checks whether the visiting machine is running an unpatched version of Adobe Reader or Acrobat and, if it finds one, compromises the PC through malicious downloads.
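A site owner can check their own pages for the kind of invisible iframe described above. The following is an added example, not code from ScanSafe or the original article; the sample page, the www.example.com host and the function and class names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles that hide an element: display:none, visibility:hidden,
# or a width/height of 0 or 1 (with or without "px").
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?<![-\w])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)",
    re.IGNORECASE,
)

# Constructed sample page for a site assumed to be served from www.example.com.
SAMPLE = """<html><body>
<iframe src="https://www.example.com/map" width="600" height="400"></iframe>
<iframe src="http://gumblar.cn/" width="1" height="1"></iframe>
<iframe src="//cdn.example.net/w" style="visibility: hidden"></iframe>
<iframe src="https://video.example.org/e" style="width:100px"></iframe>
</body></html>"""

class HiddenIframeFinder(HTMLParser):
    """Collects (line, host) for iframes that are hidden and off-site."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        try:
            src_host = (urlparse(a.get("src", "")).hostname or "").lower()
        except ValueError:  # malformed URL: report it rather than skip it
            src_host = "<unparseable>"
        # Exact host comparison: sibling subdomains count as external.
        external = bool(src_host) and src_host != self.site_host
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        hidden = tiny or bool(HIDDEN_STYLE.search(a.get("style", "")))
        if external and hidden:
            self.findings.append((self.getpos()[0], src_host))

def find_hidden_iframes(html, site_host):
    """Only sees iframes in static markup, not ones written by scripts."""
    finder = HiddenIframeFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings
```

Calling find_hidden_iframes(SAMPLE, "www.example.com") reports the two hidden off-site frames and ignores the visible ones, including the same-site map.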
Domains recognized as dangerous are generally suspended, which means malware writers often have to change the domain their malware checks for instructions. For some reason, the domain gumblar.cn was released and returned to use.
The researcher reports that websites still infected with Gumblar can now receive instructions again and return to action. "It's a mess and need to be aware," Landesman wrote.





