
Dridex’s Latest Version Scarier than Its Predecessor


The Dridex malware, once a favourite of threat actors and hackers, is back with an upgrade that is far more dangerous than its earlier version.

The latest edition of Dridex is extremely destructive and chiefly targets financial institutions based in the USA.

The earlier Dridex banking Trojan relied on malicious Microsoft Office documents that instructed users to enable macros. As soon as macro support was enabled, the malicious Office file downloaded the Dridex Trojan and installed it on the infected computer.

The latest Dridex version has changed its modus operandi: instead of downloading the Trojan directly, the enabled macro scripts download a Personal Information Exchange (PFX) file, a format that software certificates normally use to store private and public encryption keys for various operations. Softpedia.com reported this on June 3, 2016.

Security solutions, particularly anti-virus software, generally treat PFX files as harmless when they inspect them on entry into the host system: they mark them as benign and exclude them from all subsequent scrutiny.

Security researchers explain that the latest Dridex edition has a fresh look. It no longer serves fake notifications and invoices to dupe the end user; instead it entices the victim into willingly opening an incoming spam mail and then the included attachment, which contains the malicious software. What is more, this malware arrives together with a command-line program called Certutil, which gives the malware the appearance of a genuine certificate.

Once the PFX file is on the infected computer, the same macro that pulled down the PFX then downloads Certutil. Certutil is a command-line utility built into Windows whose sole function is handling certificates under Certificate Services, beginning with Windows Server 2012 and Windows 8.

Certutil converts the PFX file into a Dridex executable, which then infects the end user's system. Meanwhile, the anti-virus, as noted earlier, has already labeled the file as benign, so it is not monitored and the Trojan goes undetected.
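The chain the article describes (Office macro, PFX download, Certutil turning the PFX into an executable) leaves a visible trace in process-creation logs. The Python below is an added defensive illustration, not code from the SPAMfighter article or from any Dridex sample: it scans constructed process-creation records and flags certutil launched by an Office application, certutil used as a file decoder, and a `.pfx` argument paired with a `.exe` output path. The `key="value"` log format and all sample events are constructed. The `-decode` switch is a real certutil option, but the article does not say which switch Dridex used, so treating it as the conversion indicator is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Office binaries that run macros; in the article's scenario the macro is what
# fetches the PFX and then brings in certutil, so Office -> certutil is the key link.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Switches that make certutil act as a file converter rather than a certificate tool.
# Assumption: the article does not name the switch; "-decode" is a real certutil option.
CONVERSION_SWITCHES = {"-decode"}


@dataclass
class ProcEvent:
    parent: str   # parent image file name, lower-cased, directory stripped
    image: str    # child image file name, lower-cased, directory stripped
    cmdline: str  # full command line of the child, as logged


# Constructed log format: parent="..." image="..." cmdline="..." (not a real product's format).
EVENT_RE = re.compile(r'parent="([^"]*)"\s+image="([^"]*)"\s+cmdline="([^"]*)"')


def parse_event(line: str) -> ProcEvent:
    """Parse one constructed process-creation record into a ProcEvent."""
    m = EVENT_RE.search(line)
    if not m:
        raise ValueError(f"unparseable event: {line!r}")
    parent, image, cmdline = m.groups()
    return ProcEvent(parent=parent.rsplit("\\", 1)[-1].lower(),
                     image=image.rsplit("\\", 1)[-1].lower(),
                     cmdline=cmdline)


def reasons_for(ev: ProcEvent) -> List[str]:
    """Return the rules the event matches; an empty list means nothing suspicious."""
    if ev.image != "certutil.exe":
        return []
    reasons = []
    if ev.parent in OFFICE_PARENTS:
        reasons.append("certutil spawned by an Office application")
    tokens = ev.cmdline.lower().split()
    args = tokens[1:]  # drop the program name itself
    if any(a in CONVERSION_SWITCHES for a in args):
        reasons.append("certutil used as a file decoder")
    if any(a.endswith(".pfx") for a in args) and any(a.endswith(".exe") for a in args):
        reasons.append("PFX file converted to an executable")
    return reasons


def scan(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (command line, matched rules) for every event that trips at least one rule."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        reasons = reasons_for(ev)
        if reasons:
            hits.append((ev.cmdline, reasons))
    return hits


# Constructed sample events: one macro-driven conversion, two benign uses, one
# conversion with a non-Office parent.
SAMPLE_EVENTS = [
    r'parent="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" '
    r'image="C:\Windows\System32\certutil.exe" '
    r'cmdline="certutil.exe -decode C:\Users\jdoe\AppData\Local\Temp\update.pfx '
    r'C:\Users\jdoe\AppData\Local\Temp\update.exe"',
    r'parent="C:\Windows\System32\cmd.exe" image="C:\Windows\System32\certutil.exe" '
    r'cmdline="certutil.exe -store My"',
    r'parent="C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE" '
    r'image="C:\Windows\System32\cmd.exe" cmdline="cmd.exe /c echo hello"',
    r'parent="C:\Windows\explorer.exe" image="C:\Windows\System32\certutil.exe" '
    r'cmdline="certutil.exe -decode C:\Temp\cert.pfx C:\Temp\cert.exe"',
]


if __name__ == "__main__":
    for cmdline, reasons in scan(SAMPLE_EVENTS):
        print(cmdline)
        for r in reasons:
            print("  -", r)
```

The first sample event matches all three rules, the fourth matches two, and the two benign events match none. In practice the parent-process rule carries the most weight: a legitimate certificate operation is almost never started by a document-editing application, so that single link is a strong signal even when the command line is obfuscated.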

» SPAMfighter News - 09-06-2016
