The AV software was incorporated into a Dr Web product called Shield, which miffed the owner of the VXer malware.
A gang calling itself the Syndicate told the company to remove the scanning from its product or else there would be consequences. Something along the lines of “that is a nice anti-virus company you have there, we wouldn’t want anything to happen to it.”
“You have a week to delete all references about ATM skimmers … otherwise Syndicate will stop cash-out transactions and send criminals for your programmers’ heads,” the first threat letter read.
Needless to say, Dr Web told the scammers to go forth and multiply rather than remove references to its ATM malware analysis from the web.
So far the St Petersburg laboratory has been firebombed twice, with only minor damage inflicted.
A subsequent email warned that the Syndicate would destroy all Dr Web offices “throughout the world”.
The gangsters also make the surprising claim that they will lobby for the “prohibition of usage of Russian anti-viruses” because such software is the handiwork of Moscow intelligence services. We are not sure who they would lobby.
The antivirus company says it will not capitulate to VXer threats.
“Doctor Web considers its duty to provide users with the ultimate protection against the encroachments of cybercriminals,” the company says.
Dr Web boss Boris Sharov told KrebsOnSecurity the Syndicate was likely a malware customer rather than the authors.
A job was placed on criminal underground forums requesting the bombing of the offices. Sharov says the attacks seemed unprofessional and resulted in more damage from the fire service than from the firebomb.