Sunday, August 17, 2008

What's Hot at MMPC?

Tareq Saade reported in the MMPC Blog that three of the five most viewed malware encyclopedia entries last month were Vundo (Virtumundo). Those of us who provide help in the forums removing infections certainly see enough Vundo. Readers should consider why Vundo is dreaded when we see it on a user's computer. As Tareq explains:

"Once running, it typically calls home to acquire advertising material and software updates. As part of this communication, we have observed that it sends information including e-mail accounts details, internet account details, OS version details (including the name of the person that registered the computer), network adapter information (including the MAC address), keyboard layout, crash logs, and a variety of other details about the user on the machine which it has installed itself on.

It also has the ability to auto-update itself, which is another way of saying the people behind it are able to push out any bits they like and have them silently installed on all machines that have Win32/Vundo installed. Further still, it may terminate other legitimate security software in order to protect itself from detection or removal."

Vundo is a nasty infection and one to be avoided. Practice safe surfing: download software only from reputable sites, preferably the software vendor's own; delete spam emails; and don't open unexpected attachments. Keep your system updated with the latest security updates, not only for the operating system but for your antivirus and anti-malware software as well.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
