Gumblar, is a malicious set of scripts that are embedded in .html, .php and .js files used on a website. Gumblar is able to load malware content from other websites without interaction of the computer user. Once a system is infected with Gumblar it is known to redirect a victim's computer to Google search result pages with links to malicious webpages.
Gumblar is able to spread through websites by theft of FTP credentials on systems belonging to webmasters. When a user visits a Gumblar infected site, they are also infected. In addition to being installed through malicious websites, Gumblar can install a backdoor that connects to an IP address of a botnet. Gumblar is able to spread aggressively, such as in the case of the Conficker Worm, through exploited websites. Detection and removal of Gumblar is difficult due to its ability to dynamically generate malicious code or scripts on various infected websites.