Bitdefender Intercepts Spam Campaigns Spreading Dyre

Security firm Bitdefender has discovered an international spam campaign distributing the banking Trojan Dyre. Bitdefender's malware analysts say that the threat uses different approaches to maximize damage.

The security vendor says that thousands of individuals were requested to download an archive which contains a malicious .exe file claiming to have come from a tax counselor.

The company explains that an email follows asking users to immediately download the archive and submit details to complete a monetary transaction.

A very similar hoax notification, from the next day of the explosion, pretends to enclose financial documents and urges the user to prove its authenticity. A third spam email warns the user about fines imposed on his enterprise and asks him/her to see "the administrative determination."

Bitdefender says that the .exe file operates as a downloader that procures and executes the Dyreza banking Trojan, which is also known as Dyre.

HELP NET SECURITY published news on 7th July, 2015 quoting Catalin Cosoi, Chief Security Strategist of Bitdefender, as saying "Dyre is first seen in 2014 and it is very akin to the notorious Zeus. The Trojan installs itself on the computer of the user and gets activated only when he enters credentials on a particular site which is usually a login page of a bank or financial service. Hackers inject tainted JavaScript code via a man-in-the-browser attack, allowing them to embezzle credentials and manipulate accounts further totally secretly."

The company claims that 30,000 of these emails were sent on a single day from servers in France, UK, US, Turkey and Russia aiming to steal banking credentials of online victims.

Cybercriminals in the UK have targeted customers of High Street banks including Royal Bank of Scotland, Barclays, Lloyds Bank and Santander. Meanwhile, Bitdefender warns that in the US, customers of Citibank, Bank of America, JP Morgan Chase, Wells Fargo and PayPal might have all been targeted.

Theguardian.com published news on 7th July, 2015 quoting Cosoi as saying "In view of the malware's behavior, it is worth mentioning that reduction of this vulnerability does not lie with the targeted financial institutions but it lies with own actions of users."

Therefore, users should avoid clicking on URLs contained in e-mails from unidentified senders and keep the anti-malware solutions on their systems up to date.

» SPAMfighter News - 7/21/2015
