My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Back to the news list

Warning: Malicious emails claiming to be from Doctor Web

September 29, 2015

Virus makers often use names of well-known anti-virus companies to gain their victims' trust and make them install some malicious program on their computers. At the end of September, cybercriminals employed this method to distribute a dangerous Trojan designed to steal passwords.

Lately, some Internet users have received email messages claiming to be from Doctor Web. The messages having the “Hello [user name], we would like to invite you to become our Tester" header (“Здравствуйте, [имя пользователя], станьте нашим Тестером”) offer users to take part in testing of some tool called “Dr.Web CureIt 2”. At that, cybercriminals prompt the user to turn off their anti-virus software because it can be incompatible with the “tool”.

#drweb screen Trojan.PWS.Stealer.13052

One known case of this malicious mailing was registered on September 29, 2015, at 04:10 (Moscow time). The link from the message leads to a fraudulent website from which a Trojan, dubbed Trojan.PWS.Stealer.13052, gets downloaded to the victim's computer.

#drweb screen Trojan.PWS.Stealer.13052

This malicious program is designed to steal passwords and other confidential information stored on the compromised computer. Doctor Web would like to inform users that we are not conducting any tests of “Dr.Web CureIt 2”. Moreover, we strongly advise against installing and running any applications downloaded by opening links from such email messages.

The signature of Trojan.PWS.Stealer.13052 has been added to Dr.Web virus databases, and the fraudulent website has been added to the base of non-recommended websites. Do not, under any circumstances, disable your anti-virus software.

Tell us what you think

To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.

Other comments