| Most of this page uses content from Wikipedia. The original article was at Gumblar. The page may have contained some inaccurate or outdated information, so please edit it so it contains better information.|
The list of authors can be seen in the page history. As with Malware Wiki, the text of Wikipedia is available under the Creative Common Attribution-ShareAlike 3.0 License.
Remove this template when most of the Wikipedia content has been removed or the Wikipedia information is outnumbered by non-Wikipedia information.
The malicious site sends the visitor an infected PDF that is opened by the visitor's browser or Adobe Acrobat Reader. The PDF will then exploit a known vulnerability in Acrobat to gain access to the user's computer. Newer variations of Gumblar redirect users to sites running fake anti-virus software.
The virus will find FTP clients such as FileZilla and Dreamweaver and download the clients' stored passwords. Gumblar also enables promiscuous mode on the network card, allowing it to sniff local network traffic for FTP details. It is one of the first viruses to incorporate an automated network sniffer.