
Doctor Web: Trojan.Winlock in LJ

February 3, 2011

Doctor Web – the Russian anti-virus vendor – warns users about a new technique used by criminals to spread Trojan programs blocking access to Windows. Links luring users to download this malicious program are posted as comments at the LiveJournal web-site. Clicking on the comment directs a user to a photo hosting site from which they are redirected to an adult-content site where they are prompted to download an exe file — Trojan.Winlock.

Social networking sites have always been among the prime targets of criminals. However, until now they had not been exploited to spread modifications of Trojan.Winlock, since other channels were in use, such as adult-content web-sites, file sharing resources and other sites providing access to objectionable content.

The financial scheme used by propagators of Trojan.Winlock has undergone changes in recent months following the law-enforcement crackdown that complicated the use of short numbers to which victims were supposed to send paid messages. In addition, virus makers started searching for new channels to spread malware, and LiveJournal has become one of them.

Since late January 2011, users of the social networking service have been receiving comments containing an image linked to a photo-hosting site, from which they are redirected to an adult-content resource. There they are prompted to download an exe file, which is the notorious Trojan.Winlock.

If the user is tricked into downloading the file, Trojan.Winlock blocks access to the system and demands a ransom to unlock it.

As of today, about 50% of all requests to Doctor Web's technical support concern Trojan.Winlock. Users who don't want to fall for the trick are advised to use licensed anti-virus software and refrain from visiting objectionable sites.

If your system has been infected by Trojan.Winlock, visit, a web-site used to help users unblock their systems.
