Explore the latest news and trends  

Sign up for our weekly security newsletter


Be the first to receive important updates on security





Send

Dridex’s Hijacker White-Hat Hacker Delivers Avira AV in Place of Payload


Criminal hacking cabal Evil Corp. possesses and runs Trojan Dridex notoriously known for stealing bank information. A highly successful botnet, Dridex made several million dollars; however, it largely ceased to work following a key member of its gang getting arrested inside Paphos, Cyprus following his attempt at defrauding a bank off USD 3.5m (EUR 3.12m).

German firm Avira Operations the maker of Avira anti-virus explains that some entity seemingly disabled the Trojan, partly preventing it from disseminating its malicious payload, while in the place of the malevolent web-links put downloaders of one AV tool. Fundamentally, the URL downloading Dridex has had its server files changed to the earliest, updated edition of Avira AV's Web installer.

Before this incident, the usual modus operandi of Dridex involved distribution of spam mails which carried malware-laced Word files. If pulled down and viewed, end-users got directed for activating their "Macros" a utility in Word software. The function of Macros is to let Word execute several automated operations serially. Within the present instance, the malware-laced Word documents pulled down and planted Dridex. Softpedia.com posted this dated February 8, 2016.

Anytime someone victimized with Dridex tries logging into a banking website, the Trojan immediately taps into the communication followed with diverting that end-user onto one fake web-page that appears identical to the real bank site. This is done to capture victim's account log-in credentials that would be used for the crooks to carry out spurious transactions on his name.

It seems somebody compromised the CnC servers followed with diverting each and every inbound download request onto one fresh file namely Avira AV. CnC servers frequently succumb to opposition cyber gangs' hacking for the latter making their own botnets more powerful. But for any white-hat hacker compromising the CnC brings to mind last October's Linux.Wifatch incident wherein The White Team name of one white-hat hackers' group developed one family of new malware which contaminated attack prone IoT devices followed with subsequently attempting at enhancing their defenses.

When anti-virus firm Avira started functioning it offered its product free of cost and even now greatly continues to do so.

» SPAMfighter News - 15-02-2016

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page
Next