
Circor International Delivers Malware through Emails - Dynamoo’s Blog

Softpedia.com reported on 3 February 2015, quoting Conrad Longmore, security researcher at Dynamoo's Blog, that malware is being distributed through fake e-mails purporting to come from Circor International, a Burlington, MA (US) firm that makes products for the power generation, energy, aerospace and security infrastructure markets.

The message carries an invoice as a Word document and is accompanied by a bogus scan result attributed to MessageLabs (Symantec's cloud-based e-mail security service) to convince recipients that the attachment is clean.

According to VirusTotal, the Word file contains a malicious macro that few antivirus products detect. Detection is poor because the commands in the macro are obfuscated.

If macros are enabled in Word (Microsoft disables them by default precisely to guard against this kind of attack), the macro downloads the Dridex Trojan (bin.exe) from "gloo.ng/js/". The page serving the malware initially returned a 404 error.
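Because the infection chain depends entirely on a macro inside the attachment, the useful check at the mail gateway or on the analyst's desk is to triage a Word file for an embedded VBA project before anyone opens it. The script below is an added example and is not code from the original article or from Dynamoo's Blog. It uses two heuristics: an Office Open XML file (.docx/.docm) is a zip and stores macros in word/vbaProject.bin, so a file that claims to be a plain .docx but carries that part is especially suspicious; a legacy binary .doc is an OLE2 compound file (magic D0 CF 11 E0 A1 B1 1A E1) whose directory names are UTF-16LE, so a "Macros" or "VBA" storage name indicates a VBA project. The sample files it builds are constructed in-memory stand-ins, not the real attachment; the function names are this example's own.

```python
"""Triage Word attachments for embedded VBA macros before they are opened.

Added example, not the article's or Dynamoo's Blog's own code.
Heuristics:
  * Office Open XML (.docx/.docm): zip container; macros live in
    word/vbaProject.bin. Word refuses macros in a .docx, but attackers
    still rename .docm to .docx to look harmless, so flag that too.
  * Legacy binary Word (.doc): OLE2 compound file. Directory entry names
    are UTF-16LE; a "Macros" or "VBA" storage means a VBA project exists.
"""
import io
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP_MAGIC = b"PK\x03\x04"
# Storage names that hold a VBA project inside an OLE2 Word document,
# encoded the way the OLE2 directory stores them.
OLE2_VBA_MARKERS = [name.encode("utf-16-le") for name in ("Macros", "VBA")]


def ooxml_has_macros(data: bytes) -> bool:
    """True if an Office Open XML document contains a VBA project part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def ole2_has_macros(data: bytes) -> bool:
    """Heuristic: OLE2 file whose directory names a Macros/VBA storage."""
    if not data.startswith(OLE2_MAGIC):
        return False
    return any(marker in data for marker in OLE2_VBA_MARKERS)


def classify(filename: str, data: bytes) -> str:
    """Return 'macro', 'macro-disguised', 'no-macro' or 'unknown'.

    'macro-disguised' means a macro-bearing OOXML file delivered with a
    .docx name, which Word would not run but which signals intent.
    """
    ext = filename.lower().rsplit(".", 1)[-1] if "." in filename else ""
    if data.startswith(ZIP_MAGIC):
        if ooxml_has_macros(data):
            return "macro-disguised" if ext == "docx" else "macro"
        return "no-macro"
    if data.startswith(OLE2_MAGIC):
        return "macro" if ole2_has_macros(data) else "no-macro"
    return "unknown"


def flagged_attachments(attachments):
    """Given [(filename, bytes), ...], return the names worth quarantining."""
    return [name for name, data in attachments
            if classify(name, data) in ("macro", "macro-disguised")]


# --- constructed stand-ins for testing; NOT real malware samples ------------
def build_sample_docm() -> bytes:
    """A minimal OOXML container carrying a (dummy) vbaProject.bin part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # stands in for compiled VBA
    return buf.getvalue()


def build_sample_doc_with_vba() -> bytes:
    """An OLE2-like blob: correct magic plus a 'Macros' directory name."""
    return OLE2_MAGIC + b"\x00" * 64 + "Macros".encode("utf-16-le") + b"\x00" * 64


if __name__ == "__main__":
    mailbox = [
        ("Invoice_12345.doc", build_sample_doc_with_vba()),   # like the Circor lure
        ("Invoice_12345.docx", build_sample_docm()),          # renamed .docm
        ("agenda.doc", OLE2_MAGIC + b"\x00" * 128),          # no VBA storage
        ("readme.txt", b"plain text"),
    ]
    for name, data in mailbox:
        print(f"{name:20s} {classify(name, data)}")
    print("quarantine:", flagged_attachments(mailbox))
```

The OLE2 check is a substring heuristic, not a parser of the compound-file directory, so treat a hit as a reason to detonate the file in a sandbox rather than as proof; a full parse (for example with oletools' olevba) is the next step when the verdict matters.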

Gloo is a legitimate online supermarket in Nigeria.

According to Longmore, Dridex is saved in the temporary folder as "dsfsdf.exe"; at the time, it had a VirusTotal detection rate of 3/48.

Dridex is a variant of the Cridex banking malware and is likewise designed to steal personal information.

As for command-and-control (C&C) servers, the Dridex sample appears to contact two IP addresses: one belonging to the Universidade de Sao Paulo in Brazil and the other to SIA MWTV, an Internet provider in Latvia.

Dridex is relatively new malware, and although this particular sample scored only 3/48 on VirusTotal, the family is normally detected by major anti-virus products. Keeping anti-virus up to date, leaving Office macros disabled, and applying the usual precautions against phishing e-mail remain the best defences.

Finally, Circor is not the only legitimate company whose name has been abused by scammers since the start of 2015: SaskPower, the main electric utility in Saskatchewan, Canada, also warned customers in early January 2015 about scam e-mails and telephone calls claiming that their power was about to be turned off or asking for financial information.

» SPAMfighter News - 16-02-2015
