A report from ThreatPost.com says the Gumblar botnet is shifting tactics, both to evade detection and to keep botnet researchers from obtaining and analyzing the new versions of Gumblar.
Apparently, the newer versions perform a test to see which country a newly infected machine is located in. This geolocation check happens during the initial infection and setup. If the machine appears to be located in Japan, the infection cycle is aborted.
This may be because Japan is where a group of security researchers has been hard at work, dissecting and analyzing the Gumblar executable in an effort to understand exactly how it works (and how to stop it).
The Gumblar malware has been attacking and infecting servers and home PCs for over a year with a distressingly high rate of success. This response by the malware authors is a pretty clear sign that they're evaluating potential threats to their network and responding in an attempt to keep it from being compromised. It's just one more step in the cat-and-mouse game between malware makers and the malware fighters. I expect to see much more sophisticated and reactive techniques used by malware authors as time goes by.