Gumblar More Intrusive than Conficker
Although the Gumblar worm has been around for a while, various antivirus vendors have reported a spike in infections in the past few weeks. Sophos has indicated that 42% of recent website infections were related to Gumblar, and ScanSafe has that number at 37%.
Conficker was mostly distributed by removable storage devices, whereas Gumblar is distributed through compromised websites. The number of infected websites has been rising over the past few days and weeks, with conflicting figures ranging from 3,000 to tens of thousands. The worm does two things: first, a site is infected using compromised FTP access; then the infected site in turn infects users' PCs. FTP (File Transfer Protocol) is how site administrators and developers access a computer that hosts a website. If the administrator leaves old user names and passwords in place, the site can easily be compromised and then infected.
Once a computer is infected, the worm attempts to open Adobe Acrobat Reader and Flash to exploit known vulnerabilities in those programs. The worm then starts to change the links in Google searches through Windows Explorer so that users access websites that the hackers want them to visit.
Gumblar is new, growing, and changing rapidly, as all viruses and worms do. They adjust to the fixes that the antivirus vendors come up with and attempt to access more and more sites. Some very well-known and reputable sites have been compromised already.
While the worm changes, it is difficult for security companies to keep up, so the consumer's best bet is to maintain active antivirus and antispyware software on their computers. Just assuming that you are visiting reputable websites is not always the best bet, as a small security hole can leave the website, and you, vulnerable.