Latest Cridex Malware Uses Self-Propagating Infection Mechanism
Security researchers at threat protection firm Seculert say that a new version of the data-stealing malware Cridex (also known as Bugat/Feodo) has been discovered which relies on a worm to spread from one machine to another.
Seculert researchers recently examined the self-propagating infection mechanism used by the Trojan variant nicknamed "Geodo". Once it enters a system, it downloads a second piece of malware, a worm, which contacts a command and control (C&C) server to receive the information it needs for the distribution process.
The C&C server provides a list of 50,000 stolen Simple Mail Transfer Protocol (SMTP) credentials along with the details of their servers. The malware also receives email subject lines, body text and "from" addresses; it sends messages to 20 email addresses using the stolen SMTP credentials and then repeats the process for another 20 addresses.
According to Seculert, 46% of the stolen SMTP credentials originate from Germany. This is consistent with German citizens being targeted by the Geodo threat actors with emails written in German.
Besides Germany, earlier Geodo variants also largely struck Internet users in Hungary, Austria and the United States, Seculert pointed out.
The emails contain a link that leads to the download of a ZIP archive containing an executable disguised as a PDF (Portable Document Format) file; if opened, it installs Geodo on the computer and the cycle starts over.
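As an added example (not code from the article or from Seculert), the following Python heuristic inspects a ZIP attachment for the trick described above: a member that looks like a document but is really an executable, either by a double extension such as `invoice.pdf.exe` or because its content begins with the DOS/PE `MZ` magic despite a document-like name. The sample archive is constructed inline and contains only a two-byte marker, not a real executable.

```python
import io
import zipfile

# Extensions a victim with "hide known extensions" enabled would read as a document.
DOC_EXTS = (".pdf", ".doc", ".docx", ".xls", ".txt")
# Extensions Windows treats as executable.
EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")


def suspicious_entries(zip_bytes):
    """Return (member name, reason) for archive members that pose as documents.

    'double-extension': name such as Rechnung.pdf.exe (executable ext after a doc ext).
    'pe-header': content starts with the 'MZ' magic although the name is not executable.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            lower = info.filename.lower()
            stem, _, ext = lower.rpartition(".")
            ext = "." + ext
            if ext in EXEC_EXTS and any(stem.endswith(d) for d in DOC_EXTS):
                findings.append((info.filename, "double-extension"))
                continue
            with zf.open(info) as fh:
                head = fh.read(2)  # only the magic bytes are needed
            if head == b"MZ" and ext not in EXEC_EXTS:
                findings.append((info.filename, "pe-header"))
    return findings


def build_sample_archive():
    """Constructed sample: a plain text file, a double-extension stub, a 'PDF'
    whose bytes start with the PE magic, and a genuine-looking PDF header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "plain text")
        zf.writestr("Rechnung.pdf.exe", b"MZ stub")   # hypothetical German-style lure name
        zf.writestr("invoice.pdf", b"MZ stub")
        zf.writestr("real.pdf", b"%PDF-1.4 ...")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in suspicious_entries(build_sample_archive()):
        print(f"{name}: {reason}")
```

A mail gateway would run the same check on every inbound ZIP and quarantine messages with any finding rather than relying on the displayed file name.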
Geodo harvests everything it can to extend its reach, going beyond traditional malware that only steals money.
Threatpost.com published a statement on 2nd July, 2014 quoting Aviv Raff, Chief Technical Officer (CTO) of Seculert, as saying: "They seem to use any opportunity for mass infection instead of only attacking one specific company or industry. They try to collect as much information as possible from the stolen data and sell it to someone at a price, or identify specific companies. They try to steal everything, which is a criminal activity."
The security firm added that this indicates a growth in cybercrime tools used to collect information that can later facilitate industrial espionage, or even be sold to states interested in such movements.
» SPAMfighter News - 11-07-2014