Win32/AdsLock Trojan Exploiting CPC Advertising Content Locking Model Discovered

Microsoft's MMPC team warns about a newly discovered threat Trojan:Win32/AdsLock.A, that was found exploiting "content locking: model, but instead of locking web content, it is designed to lock the affected user's computer screen. The team says that it communicates with a malicious content gateway, which serves unwanted and controversial or illegal images to the affected […]

Microsoft's MMPC team warns about a newly discovered threat Trojan:Win32/AdsLock.A, that was found exploiting "content locking: model, but instead of locking web content, it is designed to lock the affected user's computer screen. The team says that it communicates with a malicious content gateway, which serves unwanted and controversial or illegal images to the affected user. It then displays the following threatening message, implying that the user has been engaged in an illegal activity:

The team says that "Constructor:Win32/AdsLock.A is a detection for a malicious tool that generates Trojan:Win32/AdsLock.A, which we have observed being distributed and promoted as an SEO tool." The constructor includes limited features, and seems to be in the early stages of development. However, it's worth noting that the idea presents an opportunity to maximize monetization from infections.

"Content locking is an ad content delivery model that forces visitors to complete an action before they can access desired content. This model can be monetized with cost-per-action (CPA) offers that provide visitors with some form of incentive, such as a service or free content, for performing the required action. Most affiliate websites enable this feature by using content locking software or tools, which basically lock the content, and then communicate to an ad-content gateway in order to capture CPA offers," explains MMPC team blog.