Skip to main content

A friend and me recently got hit by a very similar virus, a mutation of Virtumonde, on both our work machines.  We don't view many sites and/or browse porn on our professional boxes; the only site we both have in common is Huffington Post.  More after the jump.

HP is in all likelihood completely innocent since a common malware injection mode these days is ad serving, where even responsible ad administrators can be misled by bad guys showing them innocuous ads, then replacing them with virus injectors after a test run.  There are reports this type of malware tries to steal banking passwords, although I haven't run across that yet.

How can you tell if you've been infected?  Virtumonde is rogue adware, so it typically starts popping up unrequested Internet Explorer windows spamming junk like bogus anti-virus scanners.  Do NOT click on any of these; they're worse than useless and will install more junk on your machine.  V also tries to hide itself from the user, so looking at Processes under Task Manager uses up something like 10% to 20% of the CPU instead of the normal 2%.  Most virus scanners will find Virtumonde, although they'll have a tough time getting rid of it since it's polymorphic and also hides in system files.

Here's how to start protecting yourself:

  1. Use Firefox with AdBlock and a subscription to updated ad lists.  Internet Explorer is a collection of security holes flying in loose formation, and though Chrome says it can have ad blocking, it doesn't make much sense for Google to kill off its main revenue stream so Chrome's blocks will be leaky.  (Windows/Mac/Linux)
  1. Go to, download AVG 9.0 or later, and install it on your machine.  The current link is here: (Windows only)

  1. Make references to crudware go away by using the local HOSTS file to redirect accesses away from junk servers.  This site has a well-maintained HOSTS list which will block a major part of the crap:
Note a large hosts file might slow down a Windows machine, so the list maintainer has instructions about halfway down the page on how to avoid that inconvenience.  (Windows, Mac/Linux for experts only)

As well, the usual practices about using a hardware firewall and turning on the Windows software firewall apply.

No one thing will protect your machine completely.  The only truly secure computer is unplugged, with the power switch welded off, and in a concrete cube at the bottom of the Marianas Trench.  Nevertheless, each step can buy enough incremental safety to reduce the chances of getting exploited to a liveable quantity.

Unfortunately, blocking ads in this way also hinders a major DK revenue stream, so if we truly believe in the Great Orange Pumpkin as well as protecting ourselves then we need to pony up some coin to keep the good work coming.

Originally posted to SCFrog on Wed Apr 14, 2010 at 11:50 AM PDT.

Your Email has been sent.
You must add at least one tag to this diary before publishing it.

Add keywords that describe this diary. Separate multiple keywords with commas.
Tagging tips - Search For Tags - Browse For Tags


More Tagging tips:

A tag is a way to search for this diary. If someone is searching for "Barack Obama," is this a diary they'd be trying to find?

Use a person's full name, without any title. Senator Obama may become President Obama, and Michelle Obama might run for office.

If your diary covers an election or elected official, use election tags, which are generally the state abbreviation followed by the office. CA-01 is the first district House seat. CA-Sen covers both senate races. NY-GOV covers the New York governor's race.

Tags do not compound: that is, "education reform" is a completely different tag from "education". A tag like "reform" alone is probably not meaningful.

Consider if one or more of these tags fits your diary: Civil Rights, Community, Congress, Culture, Economy, Education, Elections, Energy, Environment, Health Care, International, Labor, Law, Media, Meta, National Security, Science, Transportation, or White House. If your diary is specific to a state, consider adding the state (California, Texas, etc). Keep in mind, though, that there are many wonderful and important diaries that don't fit in any of these tags. Don't worry if yours doesn't.

You can add a private note to this diary when hotlisting it:
Are you sure you want to remove this diary from your hotlist?
Are you sure you want to remove your recommendation? You can only recommend a diary once, so you will not be able to re-recommend it afterwards.
Rescue this diary, and add a note:
Are you sure you want to remove this diary from Rescue?
Choose where to republish this diary. The diary will be added to the queue for that group. Publish it from the queue to make it appear.

You must be a member of a group to use this feature.

Add a quick update to your diary without changing the diary itself:
Are you sure you want to remove this diary?
(The diary will be removed from the site and returned to your drafts for further editing.)
(The diary will be removed.)
Are you sure you want to save these changes to the published diary?

Comment Preferences

Subscribe or Donate to support Daily Kos.

Click here for the mobile view of the site