Trojan.Winlock - A Money Extorting Malware Hits Russian Computers

Security researchers in Russia have recently discovered a new type of computer Trojan. The virus reportedly creeps into a PC and locks the system before demanding money. Trojan.Winlock, has affected several million Russian computers during January 2010.

Details about the worm indicate that when Winlock infects a computer, it displays a message "Windows is blocked" on the screen. Subsequently, the user is asked to send a SMS at the given number so that he can regain the system. But to send the SMS, the user has to spend a good 300 Rubles ($10) if not more. If the message is dispatched properly, the victim receives a reply on his cell-phone containing the unlocking code.

But all this happens again after some days. Despite the first SMS expenditure, the Trojan continues to stay on the system, while anti-virus programs too fail to work.

The research done on Trojan reveals that Winlock doesn't really infect files or tamper with data on the attacked PC. Instead, it prevents the user from gaining admission into his desktop or installed applications.

Askar Tuganbayev, Internet Expert, stated that deceitful providers of cell-phone content started abusing their authorized numbers of a few digits to carry out online fraud, as reported by Pravda on January 26, 2010.

According to Tuganbayev, those dishonest cell-phone companies can be easily located. Meanwhile, the network operators with whom the cell-phone companies have a contract pretend not to notice the deceitful businesses because they too receive a share in the profits.

Recalling the past incidences associated with malicious attacks of this kind, other security specialists remarked that the first time such an attack took place in 2005. Subsequently, trojans were unleashed, which encrypted computer data files and held the system for ransom. In later forms of this attack, the money demanded for decrypting the compromised data was specified and how it could be paid.

To ward off the said kind of malicious attacks, security specialists suggested that users should not click on a malevolent URL or run a file arrived from a stranger.

Related article: Trojans to Target VoIP in 2006

» SPAMfighter News - 2/3/2010