Most of this page uses content from Wikipedia. The original article was at Gumblar. The page may have contained some inaccurate or outdated information, so please edit it so it contains better information.
The list of authors can be seen in the page history. As with Malware Wiki, the text of Wikipedia is available under the Creative Common Attribution-ShareAlike 3.0 License.
Remove this template when most of the Wikipedia content has been removed or the Wikipedia information is outnumbered by non-Wikipedia information.

Gumblar is a malicious JavaScript trojan file that redirects the user's Google searches, and then installs rogue security software. Also known as Troj/JSRedir-R[1], this botnet first appeared in 2009. Gumblar infections have been widely seen on older Windows PCs. The virus would take websites and replace them with malicious links.


The malicious site sends the visitor an infected PDF that is opened by the visitor's browser or Adobe Acrobat Reader. The PDF will then exploit a known vulnerability in Acrobat to gain access to the user's computer. Newer variations of Gumblar redirect users to sites running fake antivirus software.

The virus will find FTP clients such as FileZilla and Dreamweaver and download the clients' stored passwords. Gumblar also enables promiscuous mode on the network card, allowing it to sniff local network traffic for FTP details. It is one of the first viruses to incorporate an automated network sniffer.