Friday, November 16, 2012

Dr. Web: New Windows Trojan-blocker

Experts have found a new sample of the Trojan family - Trojan.Winlock, which found signs of a backdoor

Researchers antivirus company "Dr. Web" reported the discovery of new malware samples per family Trojan.Winlock, specializing in locking the operating system Windows. The virus, called Trojan.Winlock.7372, differs from its predecessors because it does not contain any images or texts, and be uploaded from the Internet, serving as a backdoor.

According to experts, the new malware is an atypical representative Trojan.Winlock, because it contains the usual components of such viruses. When you lock the operating system loads the virus all the necessary elements of the Internet, and when locking the screen displayed by normal web-page.

After activation of the infected computer Trojan.Winlock.7372 puts itself into a branch of the registry, conducting startup programs. Then, the virus triggers an infinite loop start and stop several applications, including the researchers note the Task Manager, Notepad, Registry Editor, Command Prompt, system settings, browsers, Microsoft Internet Explorer, Google Chrome, Firefox, Opera, application ProcessHacker, Process Monitor, and others. After that, the Trojan disables the firewall and makes invisible to the victim's window, which is functioning as a backdoor downloadable from hackers web-page with the requirement to pay to unlock the operating system. For "unlocking" attackers require at $ 200.

No comments:

Post a Comment