Gumblar.cn was the first domain discovered that was creating and managing the Gumblar attack. Gumblar.cn has now been closed down, as has the next in line, but it is thought that the virus makers have a whole host of domains and servers to utilise. To put simply, Gumblar steals FTP passwords from web designers and site managers, then uses them to connect to website servers, and edit .html .php and .js pages. It targets index files as well as creating files in image directories, and even modifies webalizer and awstats files given the chance. These are likely to be the backdoors.
Once Gumblar has infected a webserver, the website on that server becomes a carrier, and spreads the virus to new computers. Anyone browsing an infected website can pick up the virus. It utilises vulnerabilities in Adobe Flash and Adobe Reader in order to install itself on a PC.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Gumblar.cn may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.