Defend what you create

Other Resources


My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Back to news

Doctor Web: Trojan.Winlock in LJ

February 3, 2011

Doctor Web – the Russian anti-virus vendor – warns users about a new technique used by criminals to spread Trojan programs blocking access to Windows. Links luring users to download this malicious program are posted as comments at the LiveJournal web-site. Clicking on the comment directs a user to a photo hosting site from which they are redirected to an adult-content site where they are prompted to download an exe file — Trojan.Winlock.

Social networking sites have always been among prime targets of criminals. However, by now they haven't been exploited to spread modifications of Trojan.Winlock since other channels were in use, such as adult content web-sites, file sharing resources and other sites providing access to objectionable content.

The financial scheme used by propagators of Trojan.Winlock has undergone changes in recent months following the low-enforcement agencies crack-down that complicated use of short numbers at which victims were supposed to send paid messages. Besides, virus makers started searching for new channels to spread malware and LiveJournal has become one of them.

Since the late January 2011 users of the social networking service have been receiving comments containing an image linked to a photo-hosting site from which they are redirected to an adult-content resource. There they are prompted to download an exe file which the notorious Trojan.Winlock.

If the iser is tricked into downloading the file, Trojan.Winlock blocks access to the system and demands a ransom to unlock it.

As of today about 50% of all requests to Doctor Web's technical support concern Trojan.Winlock. Users who don't want to fall for the trick are recommended to use licensed anti-virus software and refrain from visiting objectionable sites.

If your system has been infected by Trojan.Winlock, visit, a web-site used to help users unblock their systems.

Tell us what you think

To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.

Other comments

The Russian developer of Dr.Web anti-viruses
Doctor Web has been developing anti-virus software since 1992
Dr.Web is trusted by users around the world in 200+ countries
The company has delivered an anti-virus as a service since 2007
24/7 tech support

Dr.Web © Doctor Web
2003 — 2021

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125124