
Banker Trojans Dridex and Dyreza Re-Emerge Online


The infamous banker Trojans Dridex and Dyreza have reappeared in reworked and refreshed macro-based attacks, with Dyreza shifting to strike the supply chains that serve industries while Dridex aims at devastating the United Kingdom, security researchers from Proofpoint caution. Theregister.co.uk reported this on October 2, 2015.

Both malware families are quite dangerous. Dyreza is a powerful man-in-the-browser (MitB) banking malware that is now being used to attack entities outside the financial sector. From time to time, the malware's creators have struck victims from the tax service, the recruitment sector, domain registrars and those associated with cyberlockers. At present, Dyreza's targets include high-profile supply chain firms catering to industries.

The researchers at Proofpoint state that until September 17, 2015, Dyreza targeted an extra twenty companies that directly provided warehousing and fulfillment services, with the companies including 5 wholesale PC sellers and 4 software firms. Theregister.co.uk reported this on October 2, 2015.

Credential capture also occurred at Iron Mountain, Apple, Badge Graphics Systems and OtterBox, along with several other renowned service and technology companies for businesses and consumers.

The attackers appear to be following a deliberate methodology of attacking one new industry throughout its supply chain.

In the meantime, the security company Palo Alto Networks had corralled one massive phishing scam involving Dridex that chiefly targeted UK-based victims.

According to Ryan Olson, Intelligence Director at Palo Alto, the phishing e-mails carry a Microsoft Word file crafted to lure end-users into enabling macros, which then contact attacker-controlled websites serving Dridex. The assault continues to be active, Olson adds. Threatpost.com reported this on October 1, 2015.

The phishing e-mails are fairly persuasive, so recipients comply. Usually, the e-mails mention a retail or business order, followed by a payment solicitation. The malicious attachments pose as a bill that reportedly can be viewed once the user enables macros. The macros then fetch the Trojan from one of a list of URLs. Palo Alto posted those URLs, the C&C domains and other indicators of compromise.

» SPAMfighter News - 10/8/2015
