Wirehead Studios

http://tech.yahoo.com/news/nf/20090225/tc_nf/64910

Be careful what you click on.  If you're using a Mozilla-based browser, I highly recommend the NoScript extension, which allows powerful control over javascript and blocks Flash by default.  You can easily whitelist trusted sites.

What the shit?
You mean to tell me that if there's some stupid advertisement in flash, someone could use that .swf to control my PC, even get my personal infos?

Damn.
/installs NoScript extension

im looking forward to fix these computers once comprimised :P..or not..but then again i usually like hackers n virus makers since they create work for us even thought removing viruses and exploits aint that much my favorite but moneys is moneys :)

Anyways time to update your flash ppls!

Thank god I have antivirus, antispy, identity theft protecter, and computer repair plus firewall all running 24/7 on my computer. :doom_thumb:

It's actually notably worse than a number of places will credit.

I've had a number of machines recently succumb to this particular exploit. Between Java, Flash, and Adobe Reader.

Any one of the 3 above are a potential infection vector right now, and one of the more popular bugs caught in this fashion is good 'ol Virtumonde. Occasionally you'll catch a search redirect or popup app on top of it.

Malware is easy enough to clean, but virtumonde annoys the !#$% out of me. Academically, it's a tenacious bug, but it's a tough one to protect against and reinfection is all but guaranteed. I've had strains of this bug go so far as to pose as a legitimate cached windows update, being almost indetectable until you reboot and find yourself reinfected. On top of that, if you get one of the particularly nasty ones, it will also disables any and all antivirus software, as well as updates, and even the domains associated with useful removal tools.

FYI, I believe there was a remote infection exploit involving this as well, allowing a 3rd party to infect ads and the like.

You know you never had this problem with the old Atari 2600...

Could not agree more.  Virtumonde is the second most irritating virus I've ever encountered, and it seems to be all over people's computers.

The only virus more agitating (to me at least) really doesn't have a name.  The only file that it always has, though, is ... udxfytw.sys.  Now, to be fair, I believe the thing I encountered was actually a variant of the "normal" one, since absolutely none of the removal software could get rid of it.  I think only one thing could remove it temporarily (which means it wasn't fully removed).

My own methods were better (I think the computer lasted a full week before it came back), but in the end the only way to get rid of it (this is after checking the boot sector, looking for rootkits, restoring all system files from a backup, etc) was to do a format.

Very sad, since, for the most part, I'm able to remove viruses without having to resort to that method (although sometimes the damage done is too great and the system ends up needing a format anyway).

I haven't had the misfortune to encounter either of those two, thankfully.

I know all about virtumonde since i can't even count all the computers i've disinfected from that shit. However its not that hard to kill really, use the tools combofix, then scan with malwarebytes anti malware and after that use trend micros hijackthis! and delete any registry key refering to (no file) and delete keys pointing onto winlogon process.

Of course you use the tools on your own risk :)

so far most virtumonde infected computer has been infected due to lack off updating java so if you have java installed (which most do) keep it updated!