The malware dubbed Gumblar, which first appeared in March, has once again reared its ugly head after security experts declared it dead in April.
Gumblar looks for old, unpatched vulnerabilities on any PC that browses a hacked site and installs malware wherever it finds a hole. Successful attacks install malware that manipulates Google search result pages when they are viewed in Internet Explorer, presenting victims with links to fraudulent sites.
"For example, if a user is trying to visit Tennis.com via Google, they may be directed to a fraudulent site designed to look like Tennis.com, where a backdoor Trojan will be immediately downloaded," internet security company ScanSafe reports.
"The Trojan could then allow cybercriminals control of the victim's computer, leading to myriad security issues, including personal data theft and stolen FTP credentials. Once cybercriminals are in possession of a victim's FTP credentials, any sites that victim manages can also be targeted for compromise - a common malware propagation tactic."
ScanSafe reports that Gumblar attacks have risen by nearly 190% in the past week, making it one of the fastest-growing infections on the web. So far around 2,300 sites are known to have been affected.
Known as drive-by download attacks, these kinds of intrusions typically go after browser plug-ins installed by software and don't require the user to open or download anything.
ScanSafe said that Gumblar has largely targeted PDF and Flash flaws discovered last year (such as APSA08-01 and APSB08-11), and users are advised to update to the latest versions of Adobe software. ScanSafe reports that Gumblar also takes advantage of old MDAC vulnerabilities, and recommends that users download the latest Microsoft updates.