Site mimicking e-school downloads suspicious file onto user's device
While the real online education environment Stuudium cab be found at stuudium.com, users who accidentally navigate to stuudium.ee end up downloading a suspicious file. The incident is being investigated by the Information System Authority (RIA).
RIA learned on September 4 that visiting the stuudium.ee website downloads a .exe file onto the person's device. Users of the Estonian e-school site Stuudium could end up there by navigating to stuudium.ee instead of the correct site stuudium.com.
Spokesperson for RIA Seiko Kuik told ERR that the agency's cyber incidents department CERT-EE analyzed the file and found that it launches remote desktop software TeamViewer.
"TeamViewer is often used to control one computer from another," Kuik said.
He added that it is yet unclear why the stuudium.ee site downloads the file and whether there have been attempts to take advantage of users if the file turns out to be malicious.
The domain in question is owned by an Estonian company that RIA have contacted.
"RIA recommends caution when handling unknown files and to refrain from opening them. If you do not know what it is, it is best not to download and definitely not open such files," Kuik warned.
--
Follow ERR News on Facebook and Twitter and never miss an update!
Editor: Marcus Turovski