The specialists of “Dr. Web” today announced the distribution of the new Trojan-blocker of the acclaimed family Trojan.Winlock – Trojan.Winlock.7372.
From other vinlokov this Trojan is different because it does not contain any text or graphics – it loads them on the infected computer on the network. As the main purpose Trojan.Winlock.7372 chose foreign users.
The first Winlock Trojans oriented foreign users, have proliferated in the autumn of 2011, and before that the scheme was successful criminal earnings run-in by hackers in Russia. This malicious program is distributed with the family of Trojans, known as BackDoor.Umbra. Based on the internal structure, Trojan.Winlock.7372 no way resembles the other members of the Trojans extortionists. First of all, because it does not contain any images, text resources or other components, which are usually shown, these malicious applications on the computer screen when locking Windows. All the necessary elements Trojan.Winlock.7372 downloads from the remote server, and prevents the system screen is a normal web page.
Run on the infected computer, Trojan.Winlock.7372 registers itself in the system registry branch, responsible for the startup programs, and then runs an endless loop search or stop a number of applications and system utilities. Among them:
– Task Manager;
– Notepad, Registry Editor;
– Command Prompt;
– System Configuration;
– Microsoft Internet Explorer;
– Google Chrome;
– application ProcessHacker;
– Process Monitor;
– and others.
With the use of the rarely used technique Trojan disables running on the infected computer firewall. Trojan.Winlock.7372 then creates an invisible full-screen window that loads a malicious site owned web page with the requirement to pay to unlock the operating system.
Attackers require the victim’s fee of $ 200, with the proof of payment code to the server over the network virus writers. In the case of appeal to the management server in the browser window shows the proposal to enter your login and password to log in to the network management system the Trojan that allows attackers can monitor the spread Trojan.Winlock.7372 and change its settings.
“Doctor Web” – Russian developer of IT security solutions branded Dr.Web .