Dyre Trojan Becoming More Sophisticated - Symantec

Symantec, a security firm, recently released a report revealing that cybercriminals running Dyre banking Trojan have built an impressive infrastructure which amounts to hundreds of servers tasked with assignments designed to maintain and expand the activity of the malware.

Money stealing activity of Dyre follows a popular pattern with the web browser being hijacked to monitor web sessions and then redirecting the victim to fake websites or changing the content of the web pages on the fly to collect banking login credentials of the victim.

This one has moved to superior levels unlike malware of the same feather with 285 command and control (C&C) servers and 44 other machines which deliver plug-ins and additional payloads or execute (MitB) attacks.

Cybercriminals have organized C&C machines in such a manner that permits only two IP addresses to be activated at the same time for command and control tasks and dispatching modules.

Computerworld.in published news on 25th June, 2015 quoting Symantec as "Financial institutions in the US and UK are the most targeted but India is not far behind which ranks sixth globally and second in Asia."

Symantec added: "The malware also attacks users of electronic payment services and HR-related websites along with financial institutions. It is a multi-pronged threat and is frequently used to download additional malware into the computer of the victim. In several instances, the victim is added to a botnet that is then employed to send thousands of spam emails in trying to distribute the threat further in the field."

Dyre Trojan has distributed other threats which are identified as: Trojan.Spadoluk, Trojan.Spadyra, Infostealer.Kegotip, Trojan.Pandex.B, Trojan.Doscor, Trojan.Fareit, Trojan.Fitobrute.

Symantec said that they have observed their activity and found that the attackers stick to a five-day work during the UTC +2 or UTC +3 time zone which indicate that they operate outside eastern Europe or Russia.

The security firm highlights some simple tips to minimize the chance of being infected with Dyre. These include: Always keep your security software, operating system and other software updated to protect yourself from any new versions of this malware. Updates of software will often include patches for newly discovered security vulnerabilities which could be exploited by attackers.

» SPAMfighter News - 7/1/2015