What is StealRat


Vulnerable computer systems and applications:

Websites and their content management systems, personal computer operating systems, browser plugins.


StealRat is a spamming botnet. It gets into systems through vulnerable content management systems and insecure operating systems. The botnet uses infected websites to send spam and to spread the infection further. Infected computers serve as intermediaries between the infected sites and the spam servers, which disguises the real sender of the spam.



When a website is affected:

  • Check the file names on your servers to see whether any of the common malware file names (m13e.php or sm14e.php) are present.
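
One way to run the file-name check above on a Linux web server, as an added example that is not part of the original advisory. The function name, variable name and exit codes are assumptions of this example; the two file names are the ones listed on this page.

```sh
#!/bin/sh
# Added example: search a web root for the file names listed on this page.
# Assumes a find(1) that supports -iname (GNU and BSD find both do).

# File names taken from the page. Add others only once you have confirmed them.
STEALRAT_NAMES="m13e.php sm14e.php"

# find_stealrat_files DIR
# Prints the path of every regular file under DIR whose name matches one of
# STEALRAT_NAMES, ignoring case.
# Exit status: 0 = nothing found, 1 = at least one match, 2 = DIR is not a directory.
find_stealrat_files() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    matches=$(
        for name in $STEALRAT_NAMES; do
            # -type f skips directories and symlinks; errors from unreadable
            # subdirectories are dropped so the output stays one path per line.
            find "$root" -type f -iname "$name" -print 2>/dev/null
        done
    )

    [ -n "$matches" ] || return 0
    printf '%s\n' "$matches"
    return 1
}

# When called with arguments, scan the given web root, e.g.:
#   sh check_stealrat.sh /var/www/html     (path is a constructed example)
[ "$#" -eq 0 ] || find_stealrat_files "$1"
```

A clean result only means these two names are absent; a copy stored under a different name is not detected by this check, so combine it with the scanning software recommended below.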


If the computer is infected, it should be enough to just scan the computer with reliable anti-virus software.

Prevention for websites:

  • Allow connection to CMS only from an internal corporate network or from set IP addresses;
  • Close unused ports and manage connections over the ports used;
  • Prohibit connection to servers on all ports and protocols other than those necessary for the operation of the web page;
  • If you use an open-source CMS, update it regularly;
  • Do not use unnecessary CMS plugins;
  • Regularly change the passwords of administrators and of users with access to the CMS;
  • Use scanning software to ensure website and database security and look for vulnerabilities.


Prevention for computers:

  • Install or update the protection systems on the devices you use;
  • Scan your computer with an anti-virus program;
  • Install operating system and application updates;
  • Do not click on suspicious links in emails and websites;
  • Only use software and browser plugins from trusted sources.