Win32/Vundo.A Trojan evolves with Worm behavior

According to data made public via the Microsoft Security Intelligence Report, the Win32/Vundo.A Trojan infected over 3.6 million computers in the second half of 2008, and occupies the third position in a malware ranking behind Renos and Zlob. It either copies itself into the mapped drive's root directory as a random dll name, or it […]

According to data made public via the Microsoft Security Intelligence Report, the Win32/Vundo.A Trojan infected over 3.6 million computers in the second half of 2008, and occupies the third position in a malware ranking behind Renos and Zlob. It either copies itself into the mapped drive's root directory as a random dll name, or it creates a random directory name and copies the dll in there with the same name. We often advise customers to clean machines infected with Vundo offline and reboot afterwards because the process in memory can download the file again even if the malware was deleted successfully. Given this new behavior, if you think that you're infected with a new variant of Vundo, try disconnecting from the Internet before scanning your system,” recommends Jaime Wong.

Source:→ Softpedia