On October 15th Scan Safe wrote about the return of the gumblar botnet which can be found here.  The botnet was dubbed Gumblar back in May 2009 when it was first discovered. This was because the site which served the malware after a series of redirects was gumblar.cn.  Since then the Gumblar botnet has decentralized its malware distribution by using thousands of compromised legitimate websites. Once installed on the victims machine the  malware will look for FTP credentials from applications such as FileZilla.  The stolen credentials will then be used to to download files which will be modified before being uploaded back to the compromised account. In the example from the scan safe blog the malware (Trojan.Win32.Delf.phk) currently being delivered has a low detection rate.

More information can be found at the following links

http://en.wikipedia.org/wiki/Gumblar
blog.scansafe.com
wepawet
anubis