vundo/virtumonde white paper

Posted by Lolo on February 12, 2008, 6:27 am
Hi All,

Is there anybody who knows where I can find any white paper, research,
analysis on the vundo/virtumonde virus?

I'm doing a sort of document talking about this virus and I need information
about it.

Any comment or personal experience is welcome.

I need to know how users get infected, from which infected website they got
this virus so I can make like a diagram from the beginning of the infection
until the pop-ups start asking to download antivirus software.

Thanks for your help





Posted by David H. Lipman on February 12, 2008, 4:51 pm

| Hi All,
|
| Is there anybody who knows where I can find any white paper, research,
| analysis on the vundo/virtumonde virus?
|
| I'm doing a sort of document talking about this virus and I need information
| about it.
|
| Any comment or personal experience is welcome.
|
| I need to know how users get infected, from which infected website they got
| this virus so I can make like a diagram from the beginning of the infection
| until the pop-ups start asking to download antivirus software.
|
| Thanks for your help
|

To start your research...

The Vundo is a Trojan and not a virus.
The Virtumonde is classed as an adware Trojan.

One major infection vector is exploitation of vulnerabilities in Java.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Posted by What's in a Name? on February 12, 2008, 7:39 pm
On 2/12/2008 6:27 AM, Lolo, after much thought, came up with this jewel:
> Hi All,
>
> Is there anybody who knows where I can find any white paper, research,
> analysis on the vundo/virtumonde virus?
>
> I'm doing a sort of document talking about this virus and I need information
> about it.
>
> Any comment or personal experience is welcome.
>
> I need to know how users get infected, from which infected website they got
> this virus so I can make like a diagram from the beginning of the infection
> until the pop-ups start asking to download antivirus software.
>
> Thanks for your help
>
My wife got one (AntiVirGear) through MySpace. She went to a user's page
and it said to install something to listen to a song. It didn't take but
a few seconds for a new toolbar to appear and the pop-ups to start.
What a chore it was to get rid of it. AdAware, Spybot, PestPatrol, MSAS
couldn't touch it. After several hours of scanning (should have known
better) I did some googling and found the only tool that worked -
Roguefix (run in safe-mode)

http://www.internetinspiration.co.uk/roguefix.htm
(notice PCButts thief warning)

max
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.

Posted by David H. Lipman on February 12, 2008, 8:01 pm


| My wife got one (AntiVirGear) through MySpace. She went to a user's page
| and it said to install something to listen to a song. It didn't take but
| a few seconds for a new toolbar to appear and the pop-ups to start.
| What a chore it was to get rid of it. AdAware, Spybot, PestPatrol, MSAS
| couldn't touch it. After several hours of scanning (should have known
| better) I did some googling and found the only tool that worked -
| Roguefix (run in safe-mode)
|
| http://www.internetinspiration.co.uk/roguefix.htm
| (notice PCButts thief warning)
|
| max

Sorry Max. That's the WRONG family.

The Vundo Trojan and Virtumonde Adware are part of the Winfixer family while you
mention the SmitFraud/Fakealert family.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Posted by What's in a Name? on February 12, 2008, 9:30 pm
On 2/12/2008 8:01 PM, David H. Lipman, after much thought, came up with
this jewel:
>
>
> | My wife got one (AntiVirGear) through MySpace. She went to a user's page
> | and it said to install something to listen to a song. It didn't take but
> | a few seconds for a new toolbar to appear and the pop-ups to start.
> | What a chore it was to get rid of it. AdAware, Spybot, PestPatrol, MSAS
> | couldn't touch it. After several hours of scanning (should have known
> | better) I did some googling and found the only tool that worked -
> | Roguefix (run in safe-mode)
> |
> | http://www.internetinspiration.co.uk/roguefix.htm
> | (notice PCButts thief warning)
> |
> | max
>
> Sorry Max. That's the WRONG family.
>
> The Vundo Trojan and Virtumonde Adware are part of the Winfixer family while
> you mention the SmitFraud/Fakealert family.
>
Figures, the poor 2nd cousin.......
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.
