
The Winlock case - I'm taking bets!

Kaspersky Lab Expert
Posted September 01, 02:25  GMT
Tags: Ransomware, Cybercrime Legislation, Malware Creators

Interesting news on Trojan SMS Blockers (Winlock etc). These programs block Windows and demand a ransom in the form of a text message which is sent to a short number for a fee. It's a very popular type of racket at the moment, both in Russia and a few other countries.

The whole affair has now reached the General Prosecutor’s office of Russia – the criminals have been identified and detained (or so it seems) and will be prosecuted in Moscow soon.

Altogether the criminals have earned an estimated 790,000 roubles, or $25K. Moreover, they have caused other damages by blocking or crashing a yet to be determined number of personal and company PCs. Very often people have needed to re-install the OS and all software and then restore data from backups - even after paying the ransom.

But I wanted to focus on the outcome – or the possible outcome of this incident, not on the investigation, arrests and so forth.

This isn't the first computer-related court case in Russia by a long way. Yes, money is being stolen, yes, sometimes the perpetrators are caught, and yes…sometimes they are even tried. And tried not only for breaking Statute 273 (creation, use and spreading of malicious software for computers), but also for other, more serious, Statutes, such as Statute 159: Fraud. The latter could earn the perpetrator up to 10 years behind bars – if it's a group and if the amounts are ‘exceptionally large’ (by Russian standards).

So if we're talking about hundreds of thousands of roubles (which equates to tens of thousands of dollars) and crimes committed in the real world, not the ‘virtual world’ – the criminals will definitely get time behind bars. But in the case of computer-related crimes, we see the exact opposite – usually the criminals get off practically scot free.

I have no idea what the judges are thinking – but in most cases in Russia, and throughout the world, for that matter, cybercriminals receive very mild sentences and no jail time (they just get probation or a criminal record - see the ATM case). This is in spite of the fact that large sums of money can be involved, which are often far greater than those in ‘real life’ fraud cases.

Are the judges sorry for these script kiddies? Or do they think money transferred over the Internet is not real money, or that cybercrime isn't a "real" crime?

I don’t know…but I suspect that in this current case, we'll just see the same old, same old – the criminals will get a slap on the wrist, the detectives and the prosecutors will curse and go drink vodka and my researchers will come to me once again and say ‘It seems as if we're in the wrong business’. Because every single time my team takes part in a cybercrime investigation which ends in no real penalties – they're demotivated. And wouldn't you be?

I'm thinking of starting a pool about the results of the Winlock court case:

  1. Nothing – no criminal record, no jail time
  2. 2 years probation
  3. 3 years of probation
  4. 1 year in jail
  5. 2 or more years in jail

Dibs on 3.

PS The story continues…A major Russian content provider is now being investigated in relation to this crime.

PPS More updates – and the story is growing. 10 people have been arrested in Moscow. The gang has been in operation for about a year, and the police are saying that they potentially earned over 500 million rubles (about $16 million.)



Costin Raiu

2010 Sep 01, 10:37

My bet

I'm a bit more pessimistic, hence: Number 2.


Deane Mallinson

2010 Sep 01, 12:46

my bet

would hope they get number 5 but in reality suspect they will get either 2 or 3


Mihai Barbulescu

2010 Sep 01, 15:23

My bet

Considering the latest updates and projected monetary figures I am going to put my bet on Number 5. (2 or more years in jail)



2010 Sep 02, 17:33


I can solve this problem, I have some codes to unlock Windows and run mbmam to remove this infection, smart virus but nothing special



2010 Sep 07, 03:05

I can't concur

Your way of thought is very dangerous because you use the word "a criminal" as a label: you keep labelling people that "they are the wrongdoers!," while actually caring very little about the law and concrete crimes; not mentioning the whole criminal procedure and the essentials of criminal law. If only possible, you would punish people for what they are ("criminals"), not for their deeds and aims, and of course all the principles of law (such as the requirements that make a crime "purposeful," the rules about effect crimes, etc.) matter very little.

Whether these people indeed committed 15,279 crimes ON PURPOSE (with very little deeds on their side, so just as effects) appears to me not an easy question at all (of course probably because I'm not a lawyer). I wouldn't say that there was a special plan involving precisely these 15,279 events and maybe some more, so that each one of them was meant to happen with all its legal "crime elements" in mind. (Because, note, every single crime must go through the procedure; as the procedures apply in every case. This is important). "Instances" can just as well be categorized as "The Unpurposeful," along with chances; what decides here is that some of the elements which make a deed criminal were random and not embraced by will, targeted (actually, it is enough if only one of them is random); thus the allegedly criminal act was a chance too. And, apparently, the target often IS an element of a criminal paragraph, even an important element. But putting this aside, even in such strict legal traditions which assert the criminality of such multiple yet untargeted instances/effects (note: just effects, not deeds) following from one very general plan (of course you ignore all tradition and want that people only follow your inspired prophetizing), even then there can be subtleties in the malware world which wouldn't let the judgement be SO easy as you'd like. Sorry but either you want law or, as appears to be the case here, a sort of priestly courts with mere moralists sitting as judges, basing on own opinions and not on laws, and no formal code at all. Or maybe you want that the formal code exists but keeps being ignored. In the latter case, please rethink if THAT would be moral. Maybe you are not programmers there at Kaspersky, or maybe you just don't have the balls and want that police does everything: "they bring much work to us," "we would like not to work so much, just to siphon money like the Antispy guys!"

Imagine a case where you bring a big white banner outdoor. The text on the banner is fraudulent. Now, 127 people fall to this scam. Can you say that there were 127 crimes which occurred planned? ... I think it can be considered a civil violation, for example a dishonest marketing practice, but not a series of crimes each committed specially by the offender.

In the end, let me note that the above-mentioned limitation of the penal system is a Very Good Thing(TM) in my opinion, thanks to it the crimes are well hunted to a concrete moment in time, concrete place, and concrete will in every case. It is very good that acts, not "states of things," are punished in the penal law, this teaches people to be more thinking and responsible for their own actions.

Edited by myinfo, 2010 Sep 07, 03:22



2010 Sep 07, 13:01

Re: I can't concur

