Kaspersky, the Russia-headquartered IT security vendor, says that Gumblar.x, the latest variant of the worm, registered 453 985 infections during February, despite the fact that the malware had all but disappeared during the month before.
Gumblar hit the headlines at the end of May 2009 when it went straight to the top of Kaspersky's top 20 internet threat rankings.
Last October, the IT security firm said that new variants of the malware – Gumblar.x and Gumblar.w – had been detected, using more sophisticated technologies than their predecessors, with the number of attempted downloads recorded at 740 836.
According to Kaspersky, the early incarnations of Gumblar demonstrated how cybercriminals are able to take old attack methods and rework them.
Initially, says the company, the program would contact dedicated malicious servers to fetch more malware. This evolved and later versions of Gumblar that are downloaded as password stealers, used to compromise legitimate websites.
Another trojan downloader program worthy of note for its high level of activity during February was Pegel, which Kaspersky reports as having grown almost six-fold throughout the month and has now reached epidemic proportions since it was first detected in January.
According to Kaspersky, Pegel has several similarities to Gumblar, in that it also infects perfectly legitimate websites.
A user that visits an infected website, says the company, is redirected by the malicious script to a cybercriminal resource and to ensure users don't suspect anything, the names of popular websites are used in the addresses of malicious pages.