Doctor Web informs Internet community about an epidemic of several modifications of Trojan.Blackmailer that has started at the end of March 2009. Starting on March 31 virus analysts of Doctor Web have been registering the increased number of detections of Trojan.Blackmailer The figures suggest that the number of infected machines may reach several millions. Definitions of new modifications of Trojan.Blackmailer were promptly added into the Dr.Web virus database as they appeared since the epidemic started. Now users of Dr.Web anti-viruses are protected from all variations of the Trojan.

The Trojan is the Internet Explorer plugin displaying an adware banner on every loaded web-page. A user is offered to send an SMS and receive a special code to remove it. Trojan.Blackmailer can’t be uninstalled with standard tools available in Windows.

When the epidemic broke out Trojan.Blackmailer.1094, Trojan.Blackmailer.1093, Trojan.Blackmailer.1086 and Trojan.Blackmailer.1091 entered the virus top five in the anti-virus statistics moving down the notorious Win32.HLLW.Shadow.based. Even if we assume that several samples of the malicious program can be found on the same computer, the threat level still remains severe.

Trojan.Blackmailer gets into a system not only from bogus web-sites that supposedly provide adult content but also from compromised legitimate web-sites using scripts embedded in the code of a page.

Doctor Web recommends all users to use alternative web-browsers and install latest updates for their operating systems and other software to lower the risk of infection. If the system has been compromised by one of the modifications of Trojan.Blackmailer, it is not recommended to send the SMS message that will only support cyber criminals. Use the Dr.Web scanner with the latest virus definitions or the latest version of Dr.Web CureIt! to clean your system of the malicious program.