"A malware exploit that has been circulating since March or so is picking up the pace lately, hijacking more than 3,000 websites as of this week. Gumblar's goal is to manipulate Google's results in order to affect as many PCs as possible, which has some researchers describing it as "a botnet of compromised websites."
"Security researchers are stepping up their warnings about the Gumblar malware exploit as it continues to hijack webpages and manipulate Google results. Gumblar recently got the attention of the United States Computer Emergency Readiness Team (US-CERT), which noted on its website that Gumblar is alive and well and continues to circulate by hijacking vulnerable Web applications, poor configuration settings, or simply by stealing FTP credentials.
Experts who have been tracking Gumblar since March say that the malware directly manipulates files on Web servers after getting access to them. From there, the attack changes the files to inject scripts and distribute more malicious code out of gumblar.cn or from other, varying IP addresses. The code appears to target sites that show up in Google searches, according to the ScanSafe STAT Blog, and although Google began delisting compromised websites months ago, the code keeps changing, keeping Google on its toes."