IBM ISS s X-Force research team has found that the Gumblar botnet has refined its capabilities and added some new exploits to increase its effectiveness. The malware is relying on a combination of PDF, Adobe Reader and Microsoft Office Web Components exploits to attack the machines of visitors who stumble on the compromised Web sites. In previous versions of the malware, the malicious scripts and payload were hosted on a remote host, which gives them a decentralized and redundant attack vector. Heavy obfuscation is used in an attempt to evade security measures.
Source: https://threatpost.com/gumblar-back-and-better-ever-102009/72350/