Explore the latest news and trends  

Sign up for our weekly security newsletter


Be the first to receive important updates on security





Send

Cybercriminals Changed Tactics and Started Using ‘Dridex’ to Steal Banking Credentials

According to researchers of Palo Alto Networks, cybercriminals using Dridex banking Trojan to steal sensitive information of Internet users have changed the way of distribution of malware.

Dridex which is the successor of Cridex/Feodo/Geodo trojans was first spotted in July 2014 and cybercriminals use this threat to collect information for fraudulent bank transactions.

Dridex was mostly distributed through executable files attached to spam emails till recently. However, researchers of Palo Alto Networks observed that cybercriminals have started distributing the threat with the help of macros placed inside Microsoft Word documents which look innocent.

The attackers attached complex programs written in Visual Basic for Applications (VBA) to macros in the document files. The macro is designed to download an executable file from one of the many URLs and run it on the infected system.

Researchers say that the malware is hosted on legitimate websites which have been hijacked by the attackers.

Palo Alto confirms that volume of Dridex attacks has reduced much as compared to July and August but the company has warned that latest attacks are still quite more.

Researchers of Palo Alto say that the latest Dridex campaign started on 21st October, 2014 and the actors of this are relying on electronic mails asserting to deliver an invoice from various brands including Humber Merchant's group.

It seems that US is the most targeted nation because more than 50% of the samples belong to recipients in this region although samples of tainted emails have been recorded in other global regions like Taiwan, United Kingdom, Canada, Netherlands, Belgium, Australia, Germany, Israel, Spain and Norway as well.

The moment the malevolent Word document runs, the script in it downloads the malware from a hijacked website and executes it on the system to add various Dridex variants into the tainted computer with all bearing the same purpose of embezzling credentials for online banking sites to enable cybercriminals to drain out the victim's account.

You can protect yourself against this series of Dridex attacks by disabling macros in Microsoft Word. Palo Alto suggested that Macro-based malware has been around well over a decade and most organizations should have this malware disabled by default and enabling macros only for trusted files.

» SPAMfighter News - 06-11-2014

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page
Next