Dr.Web Reviewed June Virus Threats
OREANDA-NEWS. July 14, 2010. Windows blockers remain a major virus threat in
While Windows blockers continued to terrorize users, Doctor Web did its best to help those whose systems were compromised by malicious programs of this type.
In January 2010, Doctor Web launched its Dr.Web Unlocker web site. The site includes web forms offering unblocking codes for certain phone numbers and text messages displayed by Trojans. Later an unlock code generator was also introduced. The site is updated on a regular basis to address the latest trends in the development of system blocking malware.
In addition, since June 23, 2010, Doctor Web has made its support service available free of charge to every user (regardless of the anti-virus involved) whose system has been blocked by a Windows blocker program and who can’t get help at the unlocker site. To further fight the outbreak, Doctor Web cooperates with law enforcement agencies and provides up-to-date information to the widest audience possible about the current status of the epidemic, including prevention and curing techniques.
During June, Doctor Web’s statistics server registered over 420,000 instances of detection of Windows blockers, down from the previous month’s figure of 940,000+. Most of these programs were detected by Dr.Web anti-viruses as Trojan.Winlock, Trojan.Adultban, and Trojan.Packed.20343.
By the end of June, Trojans demanding cell phone balance refills as ransom amounted to 30 percent of all blockers. Doctor Web's analysts studied numerous cases of systems being infected by such programs and concluded that, in most cases, users wouldn’t receive unlock codes even if they paid the ransom. Once again the facts confirm this rule: no matter how desperate you are, never give money to criminals!.
Below is a gallery of screenshots showing June’s most common Windows blockers.
Many users contacting Doctor Web’s technical support service in June were unable to visit social networking and free e-mail service web sites. When trying to load web pages, users got messages informing them that their accounts had been suspended for spamming, and that to continue they would have to send paid text messages. Dr.Web software detected the malicious programs responsible for such messages as Trojan.Hosts.
Reports received at the end of June indicated new modifications to Trojan.Hosts’ demand to refill cell phone balances, demands similar to those made by Windows blockers.
Because Trojan.Hosts and Trojan.Winlock are parts of schemes with similar mechanisms for converting acquired funds into actual money, Doctor Web also helps those whose support requests concern such viruses.
European bank customers who make wide use of Internet banking, particularly those of Volksbank
The Trojans were able to detect a browser used to access an Internet-banking web site and sprang into action only if the browser was Internet Explorer, demonstrating once again that users of other browsers are better protected from threats lurking on the Internet.
General trends of June include the still active Oficla botnet, with four modifications of Trojan.Oficla found among the top 20 malware threats most frequently detected in e-mail. Intruders also often resorted to malicious scripts detected by Dr.Web anti-viruses as JS.Redirector.based.3. Embedded in HTML documents attached to spam messages, they redirect users to web sites that spread malware or to advertisements that typically promote pharmaceutical products.
Комментарии