Virtumundo Proliferating Aggressively through Detachable Devices
Security researchers at Sophos warn that Virtumundo, a Trojan that distributes malware to unprotected systems, is now infecting PCs through the Autorun feature. The malicious program, which works by planting itself on USB sticks as well as other detachable devices such as CD-ROMs, uses a distinct autorun worm.
Sophos reveals that Virtumundo, also called Vundo, combines the characteristics of a Trojan, a dropper and adware. The program's payload enables it to attach to browsers and to inject bogus entries into search engine results. In addition, it triggers pop-ups, usually touting 'scareware' or fake security software.
In addition, the creators of Virtumundo use it to plant other malicious programs on the infected system, such as polymorphic viruses, rootkits, downloaders and spamming tools. This suggests that the Trojan's authors probably lend it to other gangs of cyber criminals for use as a malware distribution utility, which would explain the considerable effort put into its survival.
Graham Cluley, Senior Technology Consultant, Sophos, states that Virtumundo surely exists out there and is infecting a large number of users' computers, as reported by SCMAGAZINE on March 19, 2009. Furthermore, Virtumundo is especially interesting as its creators appear to have made significant efforts to continuously modify it with the aim of escaping detection.
Julie Yeates, Security Researcher, Sophos, also explains that Virtumundo has acquired the features of a worm, letting it spread from PC to PC through network shares and detachable storage devices, as reported by Softpedia on March 19, 2009. Ms. Yeates also says that she stumbled on an autorun virus that had something extra in the form of a Virtumundo file.
Moreover, USB sticks have been a considerable danger for both data loss and the spread of malicious code, with the threat increasing markedly during 2008 due to global economic changes and the wide use by malware authors of INF-based dissemination tactics, which Vundo supports.
Meanwhile, the Trojan, which first appeared in 2004, has been proliferating aggressively ever since. SophosLabs researchers observed a steady flow of updates being initiated several times daily during recent weeks of March 2009.
SPAMfighter News - 25-03-2009