Trojan Left Users with No Choice, Asks for “Windows or Money”
The researchers of Security firm, Dr. Web, inform that they lately discovered a Trojan that locks users out of their Windows PC until they pay a rescue sum. This Trojan.Winlock is only found spreading in the Russian World Wide Web.
Purportedly, the Trojan is circulated as a sham video codec. It enters into a system through an installation and then maneuver the computer so that on start up the user meet a Russian dialogue giving commands for unlocking the system. This entails sending a numeric string to a vastly priced SMS number for acquiring the release code.
It also cautions that any endeavor to reinstall the system can lead to slaughter of vital details and system damage. The security firm claims that the Trojan was found on April 8, 2009.
Moreover, the security researchers also declare that Trojan.Winlock does not maneuver files but restrict users from the applications and desktop access. A well-informed user can insert a boot CD to evade the problem, use the files and eradicate the Trojan, although anyone less techno savvy can end-up paying for this.
On the FireEye blog, Atif Mushtaq, from FireEye Malware Intelligence, informs that a number is vigorously produced by the virus itself and is may create the ensuing unlock code, as per the news by SecurityProNews on April 21, 2009.
In the course of surveillance of virus's activities, Atif claims the virus boots at the same time a user logs in and correspond with a fake domain: ogggooogoggoog.com, which is registered in Russia.
Apparently, Symantec has reverse-engineered related trojans and produced an unlock tool. Conversely, Atif says that the tool will not work on this fresh version.
Security experts of Dr. Web exhort all users to renounce sending paid messages to virus creators. As per them, using advanced anti-virus software can secure users from the Trojan.
In the meantime, security firm PandaLabs has also noted that it discovered a Trojan called Trj/SMSlock.A which demands money, in the similar manner as that asked by the aforementioned Trojan, to sanitize its infection.
Related article: Trojans to Target VoIP in 2006
» SPAMfighter News - 28-04-2009