Doctor Web detects outbreak of Trojan.Blackmailer

Doctor Web informs Internet community about an epidemic of several modifications of Trojan.Blackmailer that has started at the end of March 2009. Starting on March 31 virus analysts of Doctor Web have been registering increased number of detections of Trojan.Blackmailer The figures suggest that the number of infected machines may reach several millions. Definitions of new modifications of Trojan.Blackmailer were promptly added into the Dr.Web virus database as they appeared sincethe epidemic started. Now users of Dr.Web anti-viruses are protected from all variations of the Trojan.

The Trojan is the Internet Explorer plugin displaying an adware banner on every loaded web-page. A user is offered to send an SMS and receive a special code to remove it. Trojan.Blackmailer can’t be uninstalled with standard tools available in Windows.

When the epidemic broke out Trojan.Blackmailer.1094, Trojan.Blackmailer.1093, Trojan.Blackmailer.1086 and Trojan.Blackmailer.1091 entered the virus top five in anti-virus statistics moving down even the notorious Win32.HLLW.Shadow.based. even if we assume that several samples of the malicious program can be found on the same computer, the threat level still remains severe.

Trojan.Blackmailer gets into a system not only from bogus web-sites that supposedly provide adult content but also from compromised legitimate web-sites using scripts embedded in the code of a page.

Doctor Web recommends all users to use alternative web-browsers and install latest updates for their operating systems and other software to lower the risk of infection. If the system has been compromised by one of the modifications of Trojan.Blackmailer, it is not recommended to send the SMS message that will only support cyber criminals.