February 3, 2011
Social networking sites have always been among prime targets of criminals. However, by now they haven't been exploited to spread modifications of Trojan.Winlock since other channels were in use, such as adult content web-sites, file sharing resources and other sites providing access to objectionable content.
The financial scheme used by propagators of Trojan.Winlock has undergone changes in recent months following the low-enforcement agencies crack-down that complicated use of short numbers at which victims were supposed to send paid messages. Besides, virus makers started searching for new channels to spread malware and LiveJournal has become one of them.
Since the late January 2011 users of the social networking service have been receiving comments containing an image linked to a photo-hosting site from which they are redirected to an adult-content resource. There they are prompted to download an exe file which the notorious Trojan.Winlock.
If the iser is tricked into downloading the file, Trojan.Winlock blocks access to the system and demands a ransom to unlock it.
As of today about 50% of all requests to Doctor Web's technical support concern Trojan.Winlock. Users who don't want to fall for the trick are recommended to use licensed anti-virus software and refrain from visiting objectionable sites.
If your system has been infected by Trojan.Winlock, visit www.drweb.com/unlocker, a web-site used to help users unblock their systems.
Tell us what you think
You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.