Gumblar can also steal the FTP credentials and also it can hijack the Google searches, by replacing their results on the infected computers with the links of some other malicious web sites.

Mary Landesman who is a senior security researcher with the ScanSafe, wrote on one company blog that when this Gumblar malware was found in the month of March, it looked for the instructions on the server at gumblar.cn. This domain, at that time was taken offline, but that has been reactivated in the last 24 hours.

Those web sites which are infected with the Gumblar contain one iframe, which is actually a way for bringing the content from a Web site to another. The malware writers make those iframes as invisible usually. When the victim visits that web site, this iframe will be launching series of the exploits hosted on the remote computer that tries and hack the visiting machine.

Gumblar also checks to see if the PC of the victim is running the un-patched versions of the Adobe Systems' Reader as well as the Acrobat programs. If so, then the machine will be compromised by the so called drive by download.