The criminals behind the Gumblar botnet and malware campaign have been adapting their techniques, as attackers are wont to do, in order not only to evade detection but to prevent researchers from downloading and analyzing new versions of the malware. A new piece of functionality that checks to see what country a newly infected machine is located in during the initial infection routine. The goal of the bad guys in implementing this check is to prevent new machines from infecting any new machines in Japan, where researchers have been quite diligent about finding and taking apart pieces of the network. The new research, by Vitaly Kamluk of Kaspersky s Japanese office, found that the complex network now comprises
Source: https://threatpost.com/gumblar-botnet-shifts-tactics-050410/73917/