Microsoft warned of an increase in web-based attacks related to a family of malicious code referred as “Gamburl” (also called Gumblar or Redir). These attacks seem to be coming from legitimate Web sites with pages that have been modified to contain this malicious script. So even if you’re visiting a Web site that you trust, there’s still the possibility that you may be a victim of these so-called “drive-by attacks”. When a user visits a site containing a Gamburl script, the browser will be redirected to a specific Web site that contains a slew of exploits and other malware. As of this writing, Gamburl is known to redirect to the following Web sites: gumblar.cn, martuz .cn . The screenshot below is a part of the Gamburl code. It attempts to determine the script engine version of the browser being used. Based on this information, the malicious site could serve a variety of targeted exploits.