A friend and I recently got hit by a very similar virus, a mutation of Virtumonde, on both our work machines. We don't view many sites and/or browse porn on our professional boxes; the only site we both have in common is Huffington Post. More after the jump.
Huffington Post is in all likelihood completely innocent, since a common malware injection mode these days is ad serving, where even responsible ad administrators can be misled by bad guys showing them innocuous ads, then replacing them with virus injectors after a test run. There are reports this type of malware tries to steal banking passwords, although I haven't run across that yet.
How can you tell if you've been infected? Virtumonde is rogue adware, so it typically starts popping up unrequested Internet Explorer windows spamming junk like bogus anti-virus scanners. Do NOT click on any of these; they're worse than useless and will install more junk on your machine. V also tries to hide itself from the user, but the Processes tab under Task Manager will show something using up around 10% to 20% of the CPU instead of the normal 2%. Most virus scanners will find Virtumonde, although they'll have a tough time getting rid of it since it's polymorphic and also hides in system files.
Here's how to start protecting yourself:
- Use Firefox with AdBlock and a subscription to updated ad lists. Internet Explorer is a collection of security holes flying in loose formation, and though Chrome says it can have ad blocking, it doesn't make much sense for Google to kill off its main revenue stream so Chrome's blocks will be leaky. (Windows/Mac/Linux)
- Go to CNet.com, download AVG 9.0 or later, and install it on your machine. The current link is here:
http://download.cnet.com/... (Windows only)
- Make references to crudware go away by using the local HOSTS file to redirect accesses away from junk servers. This site has a well-maintained HOSTS list which will block a major part of the crap:
Note that a large HOSTS file might slow down a Windows machine, so the list maintainer has instructions about halfway down the page on how to avoid that inconvenience. (Windows; Mac/Linux for experts only)
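To see what the HOSTS trick actually does, here is an added example (not from the original post or from any list maintainer) that parses a HOSTS-style blocklist, tolerates the comments and malformed lines such lists accumulate, deduplicates hostnames, and answers "would this hostname be sinkholed?" The sample list, the hostnames in it and the helper names are all constructed for illustration.

```python
"""Parse a HOSTS-style blocklist and check whether a hostname is sinkholed.

Added example, not code from the original post. SAMPLE_HOSTS is a
constructed list with placeholder names, not real ad or malware servers.
"""
import ipaddress

# Constructed sample in HOSTS format: "<ip> <hostname> [hostname ...]",
# with '#' comments, a case-only duplicate and one malformed line.
SAMPLE_HOSTS = """\
# constructed sample blocklist (placeholder names)
127.0.0.1 localhost
0.0.0.0 ads.example-junk.test           # one name per line
0.0.0.0 tracker.example-junk.test popups.example-junk.test
0.0.0.0 ADS.EXAMPLE-JUNK.TEST           # duplicate, differs only in case
not-an-ip bogus.example.test            # malformed, must be skipped
"""

# Addresses blocklists use to swallow a lookup instead of answering it.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1", "::"}
# Names that legitimately map to loopback and are never "blocked".
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return {hostname (lowercased): ip} for every well-formed entry.

    Comments, blank lines and lines whose first field is not an IP address
    are skipped. If a hostname appears more than once, the first mapping
    wins, which matches how the system resolver reads the file.
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:                       # malformed first field
            continue
        for host in fields[1:]:
            mapping.setdefault(host.lower().rstrip("."), ip)
    return mapping


def is_blocked(mapping, hostname):
    """True if the HOSTS mapping would sinkhole this hostname."""
    name = hostname.lower().rstrip(".")
    if name in LOOPBACK_NAMES:
        return False
    return mapping.get(name) in SINKHOLES


def render(mapping):
    """Emit a deduplicated HOSTS file, one hostname per line, sorted.

    Deduplicating is the cheapest way to keep the file small, which matters
    because very large HOSTS files can slow lookups on some systems.
    """
    return "".join(f"{ip} {host}\n" for host, ip in sorted(mapping.items()))


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example-junk.test", "Popups.Example-Junk.Test",
                 "bogus.example.test", "localhost"):
        print(f"{name:28} blocked={is_blocked(hosts, name)}")
    print(render(hosts), end="")
```

Case-insensitive matching and the trailing-dot strip matter in practice: a blocklist entry written in upper case still blocks the lower-case lookup the browser makes, and a name you test with a trailing dot (the fully qualified form) should match the entry without one.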
As well, the usual practices about using a hardware firewall and turning on the Windows software firewall apply.
No one thing will protect your machine completely. The only truly secure computer is unplugged, with the power switch welded off, and in a concrete cube at the bottom of the Marianas Trench. Nevertheless, each step can buy enough incremental safety to reduce the chances of getting exploited to a liveable quantity.
Unfortunately, blocking ads in this way also hinders a major DK revenue stream, so if we truly believe in the Great Orange Pumpkin as well as protecting ourselves then we need to pony up some coin to keep the good work coming.