We’ve now analyzed more than 600 MB of collected data related to the recent resurrection of the Gumblar threat. Overall, we’ve identified 2000+ Infectors (computers hosting the malicious *.php files and payload) and 76100+ ‘Redirectors’ (computers with links leading back to the malicious sites). Most Infectors are also part of the group of Redirectors, they serve one *.php file and additionally contain the link to another Infector in their own entry page.
(If you’re interested in the structure of the Gumblar threat, my colleague Vitaly gives more details here)
Comparing the stats below with those from a month ago, you can see how the threat has spread and evolved. These latest numbers are a snapshot of November 30th and are continuing to increase steadily.