Gumblar Compromises Now Up 188%, Gumblar Q&A
Just ran the Gumblar numbers from last night; looks like the number of compromised domains has now increased 188% since last week and is up 61% from yesterday's count. So the earlier post today using yesterday's numbers is already obsolete - that's how fast Gumblar is growing.
http://blog.scansafe.com/journal/2009/5/14/gumblar-compromises-now-up-188.html
Gumblar Q&A:
What happened next?
As Google began delisting the compromised websites, those site owners began cleaning up the mal-scripts pointing to 94.247.2.195. Likely as a defensive maneuver, in early May the attackers began replacing the mal-scripts pointing to 94.247.2.195 with dynamically generated and heavily obfuscated mal-scripts pointing to gumblar.cn. Blacklisting based on the original mal-script would thus be defeated, allowing the compromised sites to once again be listed by search engines.
http://blog.scansafe.com/journal/2009/5/14/gumblar-qa.html