Last week the Gumblar malware was neutralized when the files containing its infection code were replaced with code that attempted to neutralize iframes. Today, those files have been modified to redirect users to files on other websites that contain the malware code. Like the original websites that hosted the malware code, these new hosts are websites that have been compromised by the malware. This differs from most attacks, in which the malware code is stored on a website controlled by the individuals behind the malware.