Company Doctor Web, "summed up the results of virus activity in September 2009.

According to the report Russia's developer anti-virus software, the activity of Internet use in September rise, so inevitably increases the number of Internet threats and affected by users. In September 2009, the most relevant viral events were dramatically increased activity Trojan Trojan.Encoder, encrypts data on computers of their victims, the continued invasion of the fake anti-virus, as well as the original methods of "cracking" of social networks.

September 28, 2009 Doctor Web, reported that during the last month has significantly increased the number of victims of the program-extortionist Trojan.Encoder, reference number of users and demanding ransom for their decryption. At present, the amount of compensation is 600 rubles, and in doing so even after the transfer of the money an attacker who calls himself a "corrector", it does not guarantee the transfer of utility-decoder or her performance in the affected user. And, according to the developer, every day dozens of affected users receive from the experts of Doctor Web, "help to restore the files infected by this malware.

Since the publication of this news came 3 new versions Trojan.Encoder - 43, 44 and 45. They differ from the previous new encryption key documents, as well as new contact information to the attacker. Specialists Doctor Web quickly created a utility that allows to decrypt files to which access has been blocked by new modifications Trojan.Encoder. But especially interesting is one the most "fresh" changed Trojan.Encoder. This version of the Trojan adds an encrypted file extension. DrWeb. After the successful counter Trojan.Encoder by the Dr.Web Anti-virus author, apparently, was born a desire to do mischief "by reference to our trademark in the name of the encrypted files.

In addition, the domain of specialists in "Doctor Web" was a reference to one of the sites the author's actual modifications Trojan.Encoder. Interestingly, the owner of the resource is trying to associate themselves with "Doctor Web, using images of the spider and the doctor, while the company does not have to such sites do with it. Obviously, assume a company, such design is used in order to confuse inexperienced users, and compromising "Doctor Web"

The attacker tries every way to appear before the victims from the positive side - as a man who helps restore the user's documents. On his website he offers a view the video, which demonstrates the work of decryption utility instruments for which extorted money. At the same time, the company Doctor Web, "suggests that extortion of money after the encryption of files deals with one person.

A fake anti-virus software is not the first month bother users worldwide. In order for people downloaded a malicious program, invented a variety of tricks - from the special internet resources to advertising a fictional "antivirus" to traditional spam.

In late September, a significant proliferation was one of the modifications fake antivirus Trojan.Fakealert.5115. The peak activity of this malicious program fell on Sept. 27, when the servers statistics from Doctor Web, there were more than 800 000 of its mystery. After starting Trojan.Fakealert.5115 in the Windows notification area icon appears with the message that the system is infected and that you must use special software in order to avoid loss of data.

It is further reported that Windows will automatically download the necessary software, for which you have to click on the message. After that, with specially trained servers are loading the other components Trojan.Fakealert.5115, which are determined by Dr.Web as Trojan.Fakealert.4709 and Trojan.Fakealert.5112. From the visual manifestations Trojan.Fakealert.5115 can also be noted window display of fictional anti-virus product called Antivirus Pro 2010.

In an unusual invitation to his potential victims of one of the virus from their pages on the Internet.He has published details of the alleged newly discovered hack user accounts, the popular social network "VKontakte. Using this method, the attacker provides an opportunity to get to edit someone else's personal data, and simultaneously protect against this "vulnerability" to your profile.To achieve this goal, it recommends the user to modify a system file hosts. It was withdrawn from the shoulders of virus writers care about how to implement this operation in the malicious program.