The Gumblar attacks have been ongoing since early 2009 and are thought to be responsible for the compromise of hundreds of thousands of legitimate Web sites since then. The attacks have come in a couple of different waves and researchers have been watching them closely since the beginning. Researchers have begun to see indications that some of the sites involved in the attacks are now being used in spam runs selling fake Viagra and knockoff Rolexes and Omegas. The recent peak of such hybrid attacks may be a sign that the cybercriminal(s) are now starting to monetize it.
Source: https://threatpost.com/gumblar-crew-starts-monetizing-compromised-servers-083110/74406/

