The malicious element can be removed using legitimate software

Aug 13, 2012 08:28 GMT  ·  By

Experts are reporting that scam artists are leveraging the reputation of the newly discovered Dorifel (Win32/Quervar.C) Trojan in an attempt to dupe internauts into paying for shady support services.

Dorifel is a nasty piece of malware that has been targeting users, mostly from Netherlands, where it has infected over 3,000 machines.

ESET Senior Research Fellow David Harley reveals that Martijn Grooten of Virus Bulletin has discovered that telephone support scammers are trying to convince users from the Netherlands to let them remove the threat.

“There’s no indication that these scammers have any connection at all with the gang behind Quervar. In fact, I’ve seen no evidence to date of a direct link with fake AV/scareware either: while they sometimes deliberately trash a victim’s system,” Harley writes.

For the time being, it’s uncertain what these cybercriminals are actually trying to do, but besides tricking individuals into handing over money, they might be also attempting to install backdoors that would allow them to access the victim’s system later.

This isn’t the first time when scammers leverage a hot topic to try and convince unsuspecting users to pay money for alleged virus cleaning services. Back in July, after the world learned of the existence of Medre, a piece of malware designed to steal AutoCAD files from companies in Peru, crooks started advertising a number of shady removal products.

Antivirus vendors have updated their solutions to ensure that they detect any signs of Dorifel, so in case you suspect that your computer may be impacted, use a legitimate application to detect it an get rid of it. Also, ESET has provided a cleaner tool for it.

Whatever you do, never install any apps in response to a phone call you get out of the blue from an alleged support company that wants to help.