The Gumblar botnet was first detected in March 2009, and had its heyday that same year, at one point surpassing Conficker in terms of infection rates.
Since then, Gumblar has spread rapidly, becoming one of the biggest threats on the Internet by exploiting Web browsers and browser plugins, such as Adobe Acrobat, Reader and Flash Player. The ensuing attack infects users via malicious PDF and Flash files, which in turn exploit security flaws in the software that handles them. Victims are infected automatically, without any user intervention.
And because it targets the Web browser on a PC, Gumblar is responsible for compromising numerous legitimate Web sites, such as Tennis.com and Coldwellbanker.com, with embedded attack code. It also searches the victim's system for FTP credentials that can be used to compromise additional Web sites.