Gumblar is a botnet that infects traditionally non malicious web servers so as to infect the computers of users who have visited infected websites. Gumblar worm attacks PCs through vulnerabilities in some versions of the Adobe's PDF reader and Flash player software.

Using passwords obtained from site administrators, the host site will access a website via FTP and infect the website. It will download large portions of the website and inject malicious code into the website's files before uploading the files back onto the server. The code is inserted into any file that contains a tag, such as HTML, PHP, JavaScript, ASP and ASPx files. The inserted PHP code contains base64-encoded JavaScript that will infect computers that execute the code. In addition, some pages may have inline frames inserted into them. Typically, iframe code contains hidden links to certain malicious websites. The virus will also modify .htaccess and HOSTS files, and create images.php files in directories named 'images'.

WebAlarm keeps an eye on all your web server data round the clock to ensure that your website is always available and accurate. WebAlarm monitors any static file on the web server, including all kinds of web content, application scripts, web software and server configuration files that Gumblar virus and its variants targets. Any unauthorized tampering of data will be detected in the shortest possible time and can be recovered automatically without any human intervention.

WebAlarm is ideal for tracking changes and allows quick automatic recovery from unauthorized changes. WebAlarm will alert the data owners upon detection of missing documents or corrupted files.