Site mimicking e-school downloads suspicious file onto user's device

Computer keyboard.
Computer keyboard. Source: Priit Mürk/ERR

While the real online education environment Stuudium cab be found at, users who accidentally navigate to end up downloading a suspicious file. The incident is being investigated by the Information System Authority (RIA).

RIA learned on September 4 that visiting the website downloads a .exe file onto the person's device. Users of the Estonian e-school site Stuudium could end up there by navigating to instead of the correct site

Spokesperson for RIA Seiko Kuik told ERR that the agency's cyber incidents department CERT-EE analyzed the file and found that it launches remote desktop software TeamViewer.

"TeamViewer is often used to control one computer from another," Kuik said.

He added that it is yet unclear why the site downloads the file and whether there have been attempts to take advantage of users if the file turns out to be malicious.

The domain in question is owned by an Estonian company that RIA have contacted.

"RIA recommends caution when handling unknown files and to refrain from opening them. If you do not know what it is, it is best not to download and definitely not open such files," Kuik warned.


Follow ERR News on Facebook and Twitter and never miss an update!

Editor: Marcus Turovski

Hea lugeja, näeme et kasutate vanemat brauseri versiooni või vähelevinud brauserit.

Parema ja terviklikuma kasutajakogemuse tagamiseks soovitame alla laadida uusim versioon mõnest meie toetatud brauserist: