September 11, 2008

An entry concerning Trojan.Encoder.21 – an extortionist Trojan compromising machines of Russian Internet users – has been added to the Dr.Web virus database. The modification of the malicious program works the same way as Trojan.Encoder.20 that was described in our news earlier. Every user fallen victim of activities of the program can download a free decryption utility.

However there are a few differences between Trojan.Encoder.21 and the previous version of the malicious program. Now the crypted.txt file contains instructions to use only a specified payment system ruling out PAYPAL or cash. Trojan.Encoder.21 spreads via web-sites known to distribute Trojans. While previous versions of the program used specifically generated links this new approach can dramatically increase its spread rate.

Doctor Web advises users against transferring their money to a writer of the Trojan which would only encourage further development of the malware. In case you discover your files have been modified in the way similar to Trojan.Encoder.21 you can download a free utility that would decrypt your data.