Information about Gumblar infection

Gumblar infection is spreading through PDF and Flash files (.pdf and .swf) that are in most cases downloaded from infected FTP servers where it creates copies of mentioned files.

Users with unpatched vulnerabilities in Adobe Acrobat Reader or Adobe Flash Player applications may be infected through exploits in the .pdf and .swf files. The security of FTP servers is compromised by searching for saved connections to FTP servers, so it is suggested to change the passwords after infection is removed.

Malware infection known as Gumblar is detected by AVG under following designations: trojan Horse Agent2.HYG, Defiler, variants of trojan horse Exploit or Exploit.PDF.