Researchers say that Gumblar botnet is entirely PHP automated

By Scott Clark
on December 9, 2009

The Gumblar botnet, an interconnected group of PCs infected by specific types of malware, appears to work more or less by itself, according to security experts at Kaspersky Labs.

Gumblar’s password-stealing and malware-spreading activities are not directly controlled by a human being, but rather by a small number of specialized command-and-control servers known as dispatchers. Kaspersky’s researchers estimate that there are fewer than 10 Gumblar dispatchers currently active, compared to roughly 50 injectors, which host the malicious code; over 700 infectors; and more than 40,000 redirectors, which are compromised sites that point users to the infection sites.

PC Magazine says that the dispatcher machines are probably PHP machines, and that they run Linux as an operating system. The people behind the Gumblar botnet only have to visit the dispatcher servers occasionally to update the malicious code so that it will continue to evade network security measures.

