Computer Security Wiki
Type Trojan horse
Affected platform/s Microsoft Windows

Vundo, or the Vundo Trojan (also known as Virtumonde or Virtumundo and sometimes referred to as MS Juan) is a Trojan horse that is known to cause popups and advertising for rogue antispyware programs, and sporadically other misbehavior including performance degradation and denial of service with some websites including Google and Facebook.

The Vundo family of Trojans is one of the most common infections found in users' computers. This infection can cause popups that include advertisements for rogue anti-spyware programs. Some common rogue antispyware programs that are advertised include WinFixer, SysProtect and WinAntiSpyware. Users are normally targeted by false positives, fake alerts, and warning of infections on their computer. An example of this type of misleading advertisement would be popups alerting users that they are infected with a non-existent virus. The most common method of infection is through outdated versions of the Sun Java platform. This infection is normally detectable by users receiving popups when they use the Internet.

The Vundo infection has evolved over time to include harder and harder protection methods so that it cannot be easily removed. These methods are random names, random autorun locations, random CLSIDs, and rootkits to hide these locations from removal tools. Due to this, specialized tools have been created in order to target this specific infection and remove it.[1]


External Links[]