The huge network of web pages compromised by the Gumblar botnet is now being used to spread malware, according to researchers.
Security firm ScanSafe reported that a number of pages connected to the Gumblar attacks in May had been serving malware to visitors.
The company noted that the attacks were unique in that, rather than infecting the pages to link to a single attack site, each of the compromised servers is hosting the malware on its own.
In addition to the compromised pages, the botnets operators have inserted a script that redirects users to a number of web forums.
"The majority of the compromised sites are small 'mom and pop' style sites in non-English speaking countries, but that's not important because the attackers have a clever trick for driving traffic directly to the malware hosted on those sites," said ScanSafe senior security researcher Mary Landesman in a blog posting.
First appearing in May, the Gumblar attack gained notoriety in the security world for the speed at which the malware spread. The attack not only compromised the target system, but checked for FTP credentials which were then used to target other pages.
Apple, Samsung, Google and others rush to go ever-higher upmarket is putting off potential customers
Laser tech can charge mobile phones from across a room
AMD's Zen chip roll-out continues with the focus on high-power embedded applications
And becomes the team's executive chairman to boot