Monday, August 11, 2008

CNN Alert Spam - Avoid Vundo infection

KitRx at EveryMethod is cleaning at least two or three infections of a new strain of the Vundo virus each week. Our managed systems are all protected with anti-malware/anti-virus software, but they seem to make no difference and even cause further complications. I've finally come to the conclusion that anti-virus software is practically useless against any electively installed malware like these variants of Vundo. I cannot remember the last time any of these overhyped, underperforming software packages actually found anything worthwhile. There are a number of variations on the Vundo hijack theme, and almost all are deployed by forcing or requesting an install of a bogus video codec or Flash plugin.

Vundo infects victims' computers by exploiting a vulnerability in Java and Windows systems and is deployed as a rootkit, which makes it very difficult, and therefore expensive, to remove. Many of the popups advertise programs including WinFixer, WinAntiVirus, WinAntiVirusPro, ErrorSafe, SystemDoctor, WinAntiSpyware, AVSystemCare, WinAntiSpy, XPAntivirus2008, Performance Optimizer, StorageProtector, PrivacyProtector, WinReanimator and others. These are very similar programs, available only for Windows, that claim to repair computer system problems but do not actually do so - so DON'T INSTALL THESE WHEN TOLD TO DO SO - YOU'RE NOT A ROBOT - THINK FIRST THEN CLICK. There are no FREE TRIALS, just infected systems and expensive cleanups. This variant shown in the pics was sent using a CNN Alert spam email originating out of the Czech Republic.

The image shows an attempt to install a hijacked version of a Flash plugin by the deploying site, masquerading as a CNN Video site. IF YOU CLICK OK YOU WILL BE INFECTED - PERIOD - SO DON'T. Unfortunately, hitting CANCEL puts you in a loop, which means you have to kill the browser process in Windows Task Manager. The pic shows the Firefox process, but look for your browser in the list, then hit End Process. Delete the email, empty your trash and forward the link below to all your friends.