This month’s malware pick, highlighted in order to help you understand how to keep it off your system, is a threat known as Vundo. Vundo, which is also referred to as Virtumonde or Virtumondo, is a Trojan horse known to cause unwanted pop-ups and advertisements for bogus anti-spyware programs.
Understanding the Threat
Trojans, in general, have been prevalent in 2007. In fact, IBM’s recently released X-Force Report found Trojans to be one of the most common forms of threats this year, accounting for 28 percent of all malware.
While common, this type of threat is not fully understood by many computer users. According to a recent Lavasoft Ballot Box Poll, where website visitors are surveyed, over 50 percent responded that they have been infected with a Trojan in 2007, while another 30 percent responded that they did not know what a Trojan is.
Trojans are seemingly legitimate files that are actually malware. They are spread manually, usually by tricking computer users into believing they are helpful or needed.
The Bad Behavior
In the case of Vundo, computer users are commonly infected in three ways: by visiting websites containing adult content or pirated software, through exploits of vulnerabilities in Java software, and even through other malware that downloads and installs Vundo.
How do you know if you’re a victim of Vundo? Some of the common signs include:
- Pop-ups telling you your system is infected, and that you must download a certain program to fix the problem
- An increase in memory usage
- Desktop icons disappearing and reappearing, caused by explorer.exe restarting
- Registry changes
How can you avoid being infected? Make sure to keep your software up-to-date, especially Java, Windows, and anti-virus software. It’s also a good idea to be leery of warez and adult content sites, as these are often guilty of spreading this malware.
Ad-Aware detects and removes many of the Vundo variants that computer users will find themselves facing. In fact, the Vundo family is the sixth largest family of threats in detection, with almost 1,400 versions. As Lavasoft researchers continue to add new variants into detection, it’s important to keep your software up-to-date with the latest Definitions File. Be sure that you are protected from the latest spyware threats by using Ad-Aware 2007’s Web Update feature, which gives you a quick, simple way to receive threat updates.
Because Vundo is a type of malware that often requires special help to remove, there are a number of online tools that exist to aid computer users. If you think you’ve been infected, a good starting point is online malware help forums, like the Lavasoft Support Forums.