THE OFFICIAL BLOG OF THE SBS DIVA

Get a Zune.  Buy Zune point cards from BestBuy or Amazon and stick them in there instead of a credit card (the points from the 360 work for Zune too).  Better player, better software, less risk.

" I can also say that I scanned all of the computers in my possession and short of some new backdoor that is unknown, I challenge the view that this issue is bot related"

And I still say how can you be 100% sure even if you scanned the drives outside of the operating system ? There is malware today that erases itself after it is done. There are rootkits. There are hundreds of varients of malware and 60,000 new editions per day. They have ways of taking over a browser session so that you don't even know they were there. Antivirus is all but worthless whether run within the operating system or outside of it.

So I ask you again. How can you be so sure ?

I am highly recommending these days that people reformat and reload at least twice a year to be safe and even then you can't know on any given day if you are safe.

"Sorry I'm not buying that a malware/rootkit so silent with no tracks (supposedly)"

Supposedly ? Really ? Try fact.

siemblog.com/.../analysis-of-the-first-real-pdf-launch-attack-no-javascript-required

"The last few lines is the clean up portion, which executes 3000 milliseconds after game.exe is ran to remove game.exe, batscript.vbs, and script.vbs from the user’s computer"

"for this level of (supposed) sophistication"

No, again it's a fact

"This Trojan also attaches itself as the debugger for explorer.exe to hide itself and ensure it is started when Windows is loaded"

Are you still really so sure now ?

These things that you think are so sophisticated are actually easy these days. That's why it would be worth it for someone to target a specific thing like iTunes because that's all they may be interested in or they may not like the penalty involved for breaking into bigger things like bank accounts.

'There is no such thing as "no tracks" '

Granted. At least that we know so far.

But how much time and money would a person have to spend to either a.) prove that something was there or b.) prove to a 90% satisfaction that nothing was there ? And would you have to be trained by the FBI or Secret Service or another master malware writer to have the tools and knowledge ? How many hours a month would a person have to invest in keeping such knowledge current ?

This is not something for the average person who is trying to stay safe. So in the end periodic fresh installs seem to be the easy way to go.

And I wasn't saying that you got infected from a PDF. PDF's are just one of many vectors that the same strain of malware, as in the example given, can use to infect.