Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Banking Botnets Dyre and Dridex Beginning to Appear Similar

The banking botnets Dyre ranked as No.1 and Dridex ranked as No.3 on the Internet have executed assaults thus far employing various methodologies, usually within various countries of the world. Security Company IBM, which detected one fresh Dridex edition (v3.161), states the variant got leveraged within assaults inside the UK dated 6th January, 2016. Soon one wave of infection schemes followed which targeted United Kingdom Internauts.

Dridex, by targeting online banking sites, is taking Web-surfers onto rogue Internet Protocols where controllers of the malware harbor copycats of banking sites similar as Dyre did before. Dridex dupes infected users into viewing bogus files containing so-called invoices appearing as Microsoft Office documents which actually deliver the Trojan's malicious payload through tainted macros.

As accords to IBM, the said copycat sites are capable of dealing with second passwords, tokens, answers to secret queries, as well as dual-factor validation codes. As end-users browse their banking sites, Dridex diverts them onto some other site, which the Trojan's operators crafted, in attempts to steal their password or login credentials even as both the end-user and bank remain unawares.

In doing this, Dridex employs the method of DNS poisoning rather than use one local proxy. Thus, Dridex hunts to find DNS entries that are stacked in local repositories. By DNS entries it means data files which store particulars connecting an online site with an Internet Protocol. Softpedia posted this dated January 20, 2016. While not uncommon, the method as described requires plentiful preparatory time.

Elaborating on it, Limor Kessem of IBM writes that any diversion assault requires the criminal group to make huge investments for crafting website copycats such as of bank sites intended for attack. When the Dyre banking Trojan began doing this, there were a dozen and more banking sites it targeted. This was an operation of rather resource-concentrated one which ultimately made Dyre's controllers return to the old page-substitution and web-injection techniques.

It seems the Dridex gang has elevated its efforts fast although, making one to think if both Dyre and Dridex gangs share chief management/developers, alternatively if Dridex operators bought certain website copycats from Dyre operators.

» SPAMfighter News - 1/27/2016

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page