The designers of the Gumblar botnet have changed their techniques to evade detection and prevent researchers from downloading and analyzing the malware.

"A new analysis of the recent activity by Gumblar shows that the current version (or one of the current versions) has a new piece of functionality that checks to see what country a newly infected machine is located in during the initial infection routine," writes threatpost's Dennis Fisher. "The goal of the bad guys in implementing this check is to prevent Gumblar from infecting any new machines in Japan, where researchers have been quite diligent about finding and taking apart pieces of the Gumblar network."

"Gumblar has been infecting servers and PCs for more than a year now, with a high rate of success," Fisher writes. "The new change of direction by the attackers show that they're not content to stand still."

Click here to read the threatpost article.