
Security Researchers Discover Admin Panel of Dridex, Leverage Vulnerability and Hijack Backend


Dridex, the widely known banking Trojan, has been compromising PCs through malicious macros in Microsoft Office documents. It is known for stealing banking credentials and personal information after infecting a system via an attachment disguised as a Microsoft Word file and delivered by junk e-mail. The malware subsequently drops ransomware onto the infected PCs to extort bitcoin ransom payments, adding to the damage done to the victims.

According to Buguroo, a security vendor based in Spain, it recently exploited a surprisingly easy-to-exploit vulnerability in Dridex's command-and-control infrastructure to learn exactly how cyber-criminals use this malware. Examining its alerts more closely, the researchers found the IP address of a Dridex administrative panel hard-coded in malicious JavaScript files used to compromise victims' web browsers.

Dridex's authors carry out attacks on an enormous scale and therefore split this massive botnet into many smaller infrastructures, which security researchers have named subnets. These subnets make it harder for security firms to identify Dridex's operations and to sinkhole the botnet infrastructure as a whole.

Buguroo's investigators were able to find the admin panel of one Dridex section, previously known as Subnet 220. Fortunately, this subnet ran an older version of the Dridex backend in which a few vulnerabilities had already been found.

Apart from capturing banking credentials, Dridex is increasingly being used to capture credit card details through a mechanism called the Automatic Transfer System, states Ferrezuelo. Buguroo's research paper also notes that cyber-crooks are currently using Dridex's infrastructure to distribute the Locky ransomware. Darkreading.com reported this on April 8, 2016.

According to the security investigators, the Dridex criminals operate in short bursts, launching numerous such outbreaks at different intervals. In a single outbreak they harvest some 16,000 card numbers, and approximately $500 is stolen from each victim.

Because these fraudulent transactions are identified and blocked by banks in about 90% of cases, this implies the crooks collect roughly $800,000 per outbreak. For now, users are advised not to open any e-mail carrying a dubious attachment.
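The infection vector described above (a macro-laden document disguised as a Word attachment) and the closing advice about dubious attachments both come down to the same defensive control: inspect Office attachments for a VBA project before they reach a user. The following Python script is an added example written for this page, not code from Buguroo or from the article; the `classify_attachment` function, the sample packages and the gateway policy are all constructed here for illustration. It relies only on the standard library: an OOXML file (.docx/.docm/.xlsm) is a zip package whose `[Content_Types].xml` manifest must declare any VBA project, so the check looks for both the `vbaProject.bin` part and that content type, and flags legacy OLE2 files (.doc/.xls) separately because confirming macros there needs a dedicated OLE parser.

```python
import io
import zipfile
from xml.etree import ElementTree as ET

# Hypothetical mail-gateway check, constructed for this example: it inspects an
# Office attachment for a VBA project before the file reaches a user's inbox.

VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
CT_NS = "{http://schemas.openxmlformats.org/package/2006/content-types}"
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML (.docx/.docm/.xlsm) container


def classify_attachment(filename: str, data: bytes) -> tuple[str, list[str]]:
    """Return (verdict, reasons) for one attachment.

    verdict is one of:
      "macro"         - OOXML package that carries a VBA project
      "legacy-binary" - OLE2 (.doc/.xls) file; macros need an OLE parser to confirm
      "clean"         - OOXML package with no VBA project
      "other"         - not an Office container at all
    """
    reasons: list[str] = []
    if data.startswith(OLE2_MAGIC):
        return "legacy-binary", ["OLE2 container; inspect VBA storage with an OLE parser"]
    if not data.startswith(ZIP_MAGIC):
        return "other", []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            # 1. The VBA project itself is stored as a binary part of the package.
            for n in names:
                if n.lower().endswith("vbaproject.bin"):
                    reasons.append(f"VBA project part present: {n}")
            # 2. The package manifest must declare the VBA content type.
            if "[Content_Types].xml" in names:
                root = ET.fromstring(zf.read("[Content_Types].xml"))
                for el in root.iter(CT_NS + "Override"):
                    if el.get("ContentType") == VBA_CONTENT_TYPE:
                        reasons.append(f"manifest declares VBA project at {el.get('PartName')}")
    except (zipfile.BadZipFile, ET.ParseError) as exc:
        return "other", [f"unparseable container: {exc}"]
    # 3. A macro-bearing package named like a macro-free document is itself a red flag.
    if reasons and filename.lower().endswith((".docx", ".xlsx", ".pptx")):
        reasons.append("macro-free extension on a macro-bearing package")
    return ("macro" if reasons else "clean"), reasons


def _build_package(with_vba: bool) -> bytes:
    """Constructed minimal OOXML package for the demo (not a real Word file)."""
    overrides = ('<Override PartName="/word/document.xml" ContentType='
                 '"application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>')
    if with_vba:
        overrides += f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>'
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="xml" ContentType="application/xml"/>'
        f"{overrides}</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"\x00" * 64)  # placeholder bytes, not real VBA
    return buf.getvalue()


# Constructed sample attachments used by the demo and its checks.
SAMPLE_DOCM = _build_package(with_vba=True)
SAMPLE_DOCX = _build_package(with_vba=False)
SAMPLE_LEGACY = OLE2_MAGIC + b"\x00" * 504

if __name__ == "__main__":
    for name, blob in [("invoice.docm", SAMPLE_DOCM), ("invoice.docx", SAMPLE_DOCM),
                       ("report.docx", SAMPLE_DOCX), ("old.doc", SAMPLE_LEGACY)]:
        verdict, why = classify_attachment(name, blob)
        print(f"{name:14} -> {verdict:14} {'; '.join(why)}")
```

A gateway policy built on this would quarantine "macro" verdicts outright, route "legacy-binary" files to a full OLE parser (or block them if the organisation has no business need for the old formats), and treat the extension mismatch as a high-confidence signal, since a document that pretends to be macro-free while carrying a VBA project has no legitimate reason to exist.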

» SPAMfighter News - 15-04-2016

