Gumblar is currently targeting users of IE and Google search, delivering malware through compromised sites that infect a user's PC and subsequently intercepts traffic between the user and the visited sites. This means that once infected, anything the victim types could be monitored and used to commit identity theft, such as stealing credit card numbers, passwords or other sensitive data. Visitors encountering the compromised website also risk having their subsequent search results replaced with links that point to other malicious websites. The malware can also steal FTP credentials from the victim's computer and use them to infect more sites, thus increasing the spread of this threat.
Gumblar was first detected in March and has spread more quickly since then, against the expectations of security experts.The scripts attempt to exploit vulnerabilities in Adobe's Acrobat Reader and Flash Player to deliver code that injects malicious search results when a user searches Google on Internet Explorer
How to protect and remove?
If you are running ZoneAlarm® ForceField™ browser security technology you are already protected. If you are running ZoneAlarm Extreme Security, you must turn ON ForceField virtualization (Open ZoneAlarm Extreme and go to 'browser security', 'settings', 'advanced' and click 'enable virtualization'