Russian anti-virus vendor Doctor Web warns of the spreading epidemics of malicious programs belonging to the Trojan.Winlock family. In January 2010 the number of Russian users whose systems were compromised by malicious programs that demanded from users to send a paid SMS in order to unlock their systems reached several millions. Estimated losses are reaching 10 million dollars.
First modifications of Trojan.Winlock appeared three years ago. At that time they were not considered a severe threat since they removed themselves automatically in several hours after installation, didn't run in the Safe Mode and the SMS charge was much lower.
However, since November 2009 this ransom scheme has been gaining popularity among cyber criminals — new modification of Trojan.Winlock are getting more and more dangerous. Now removing a lock message displayed on top of all other Windows is quite expensive. Trojans don't remove themselves automatically and acquire new features. In particular, they block launch of certain programs (file managers, anti-rootkits, system diagnostics utilities that might help cure the system).
Malicious programs from the Trojan.Winlock family exploit Windows vulnerabilities (in particular, vulnerabilities of Internet Explorer) or get to user machines from malicious web-sites (as video codec files), through iframe exploit and over botnets (criminals controlling botnets can install software on compromised machines for a fee).
In January alone the number of victims of such programs reached several millions. Considering that the SMS charge is quite high the estimated income of the criminals in the very first month of 2010 amounted to hundreds of millions of rubles.
With new modifications of Trojan.Winlock appearing almost every day even users that protect their systems using up-to-date anti-virus solutions.
In order to help users Doctor Web is collecting all information about such Trojans in the dedicated section of its web-site. In particular, the unlock form helps users find an unlock code to regain access to their systems free of charge. In first two days after the project was launched hundreds of thousands of users have visited the project’s section.
Doctor Web has also issued a call to Russian authorities and telecom providers that could help finding people that register the short numbers at which users send highly charged messages.
Tell us what you think
You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.