Analysis of some infected websites showed that the only way to inject the infection of Gumblar was by using FTP access, because those websites have no server-side scripting. The injected script refers to another website hosting exploits and registering all attacked clients. The malicious code injection in HTML pages (which is a simple insertion of