SCF Advanced Search

  • Total Members: 14062
  • Latest: jagwire
  • Total Posts: 41441
  • Total Topics: 14944
  • Online Today: 614
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)

Author Topic: Dr Web's Anti-Virus research lab Firebombed by the creator of ATM skimmer virus  (Read 2155 times)

0 Members and 1 Guest are viewing this topic.


  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • - Samker's Computer Forum

Russian ATM VXers have firebombed the research lab of an anti-virus firm after its researchers refused to retract reverse engineering analysis of their malware.

The attack followed email threats by the group calling itself the 'Syndicate' to the Moscow company which sold the Shield antivirus product that prevented the gang's malware running in ATMs.

Dr Web says it refused to comply with demands to remove references to ATM malware analysis:

Its St Petersburg laboratory was twice firebombed with only minor damage inflicted.

"You have a week to delete all references about ATM skimmers … otherwise Syndicate will stop cash-out transactions and send criminals for your programmers’ heads," the first threat letter read.

A subsequent email on 13 March warned that the Syndicate would destroy all Dr Web offices "throughout the world"

"If you don’t delete all references about ATM skimmer viruses from your products and all products for ATM (sic), the international carder syndicate will destroy Doctor Web’s offices throughout the world," the subsequent letter says.

The criminals make a confused claim that they will also lobby for the "prohibition of usage of Russian anti-viruses" that such software is the handiwork of Moscow intelligence services.

The antivirus company says it will not capitulate to VXer threats.

"Doctor Web considers its duty to provide users with the ultimate protection against the encroachments of cybercriminals," the company says.

"Consequently, efforts aimed at identifying and studying ATM threats are in progress as is work to improve Dr. Web ATM Shield."

Dr Web boss Boris Sharov told KrebsonSecurity the Syndicate was likely a customer of the malware rather than the authors.

He says three physical intrusions were made into the office but did not elaborate.

Boris reckons a job was placed on criminal underground forums requesting the bombing of the offices. He says the attacks seemed unprofessional and resulted in more damage from the firetrucks than flame.


Samker's Computer Forum -


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising