September 29, 2015
Lately, some Internet users have received email messages claiming to be from Doctor Web. The messages having the “Hello [user name], we would like to invite you to become our Tester" header (“Здравствуйте, [имя пользователя], станьте нашим Тестером”) offer users to take part in testing of some tool called “Dr.Web CureIt 2”. At that, cybercriminals prompt the user to turn off their anti-virus software because it can be incompatible with the “tool”.
One known case of this malicious mailing was registered on September 29, 2015, at 04:10 (Moscow time). The link from the message leads to a fraudulent website from which a Trojan, dubbed Trojan.PWS.Stealer.13052, gets downloaded to the victim's computer.
This malicious program is designed to steal passwords and other confidential information stored on the compromised computer. Doctor Web would like to inform users that we are not conducting any tests of “Dr.Web CureIt 2”. Moreover, we strongly advise against installing and running any applications downloaded by opening links from such email messages.
The signature of Trojan.PWS.Stealer.13052 has been added to Dr.Web virus databases, and the fraudulent website has been added to the base of non-recommended websites. Do not, under any circumstances, disable your anti-virus software.