As expected, we can confirm more compromised machines. Our current count looks as follows:
7798 UNITED STATES
1765 INDIA
1332 ARGENTINA
1244 TURKEY
1094 RUSSIAN FEDERATION
1084 GERMANY
968 SPAIN
950 ISLAMIC REPUBLIC OF IRAN
881 REPUBLIC OF KOREA
878 MOROCCO
822 CANADA
815 PERU
792 JAPAN
712 THAILAND
689 AUSTRIA
678 ROMANIA
655 POLAND
654 ISRAEL
628 SWEDEN
599 ITALY
These numbers stand for unique hosts; some of them contain several user directories etc., which means that the real count is much higher than shown here. As mentioned before, each of these hosts is spreading a set of malicious files, which are sent to a user depending on the computer’s environment. We used the site www.virustotal.com to confirm the current detection status among the 41 antivirus vendors who participate on that site. The results showed that currently only 3 out of 41 vendors detect the malicious *.php file which is injected at the above locations. The malicious *.pdf file scored 4/41, and the Flash content was detected by 3 out of 41 vendors. However, the main executable payload was detected by 33 vendors. Of course, these malicious files can be changed at any time by the criminals who operate this scheme. We are closely monitoring further developments in order to protect our users as fast as possible.
Gumblar update