Monday, December 14, 2009

Evil, Thy Name Is Vundo

No, Vundo's not an evil clown.

It's a Trojan horse. You know, one of those nasty computer viruses that sneak into your system, then wreak untold havoc.

Vundo, or the Vundo Trojan (also known as Virtumonde or Virtumondo and sometimes referred to as MS Juan) is a Trojan horse that is known to cause popups and advertising for rogue antispyware programs, and sporadically other misbehavior including performance degradation and denial of service with some websites including Google and Facebook.

A Vundo infection is typically caused either by opening an e-mail attachment carrying the trojan, or through a variety of browser exploits, including vulnerabilities in popular browser plug-ins, such as Java. Many of the popups advertise fraudulent programs including (but not limited to) Sysprotect, Storage Protector, AntiSpywareMaster, WinFixer, AntiVirus 2009, AntiVirus 360, Personal Guard 2009, and Virus Doctor (not to be confused with Spyware Doctor).

Yep, the oldest trick in the book: present yourself as a kind soul, a do-gooder. Charitable, concerned, altruistic. Only to ruthlessly fleece your mark once you're in the door. Pandora's box in an attractive package. The handshake, then the stab in the back.

How do you know whether "Vundo's in the house"? Here are just a few of the symptoms:

  • Vundo may attempt to prevent the user from removing it or otherwise impede its operation, such as by disabling the task manager, registry editor, and msconfig...
  • Some firewalls or antivirus software may also be disabled by the virus leaving the system even more vulnerable. Especially, it disables Norton AntiVirus and in turn uses it to spread the infection....
  • Popular anti-malware programs such as Spybot - Search & Destroy or Malwarebytes' Anti-Malware may be deleted or immediately closed upon loading...
  • Web access may also be negatively affected. Vundo may cause many websites to be inaccessible.
  • Google search links may be directed to rogue antispyware sites, which can be avoided by copying and pasting addresses.
  • Vundo may cause webpages to fail to load after sessions of browsing and present a blank page in the browser instead of the webpage.
... which is what happened on my computer. Popular sites. Blank pages. What the...?

And it hides so well, you can't detect it with spyware and rout it out (your outsmarted program claiming there are no infected objects when, in fact, they are legion -- which makes you paranoid going forward, unsure if your system is ever virus free, reacting with panic to the slightest blip on your PC).

It manages to not only ingeniously mask but prodigiously replicate itself. A coup of deception and contagion. Rippling. Spreading. Like


You're left to speculate how it snuck in:
  • Open the wrong email (even though it presumably came from a "friendly" -- a familiar source or someone you know)?
  • Click on a suspicious attachment (or one that seemed completely innocuous)?
  • Close an annoying pop-up or an ersatz ad (not realizing that closing, instead of closing out, activates infection)?
Mystified, you come face-to-face with the fact: on the Internet, you're basically connected to everything. Pray you have systems in place (though none are 100% guaranteed) to filter out the bad stuff. But never forget: same as a conventional pathogen, no matter what precautions you take, no matter how you try to prevent it, if you go out in public, you're bound to catch something.

The process may well leave you (like me) feeling helpless and haunted with questions:

  • What did I do wrong?
  • What protection is there from Vundo's restless and devastating tentacles? (Or from predatory computer repair shops that want to charge you hundreds of dollars for virus removal?)
  • What sick, unprincipled scum sucker would create, and propagate, an abomination like this?
Ponder. Ruminate. Reflect. Then, all else pales -- the injustice, the outrage, the anger -- as you realize. As you resign yourself to the stark, shattering truth. Only one thing matters.

Satan is real.

And living in your computer.
