Dridex Resurfaces to Make New Smaller Spam Outbreaks

The Dridex gangsters or those cyber criminals responsible for the banker Trojan Dridex have been somewhat silent starting middle of June 2016 approximately when Necurs another botnet the Dridex cyber criminals run was terminated only to re-emerge following a 3-week period.

From that time on, distribution of Dridex appears to have halted as its each spam campaign spewed merely some thousands messages that sounds trivial when compared with spam mails it sent in the millions during May and before.

ProofPoint the cyber security company analyzes the latest decline in Dridex's operations as significant alterations in the mode of operation by the controllers of the banker Trojan. Within one blog post ProofPoint researchers state that this pretty lower volume of spam indicates the botnet is narrowing down attacks to more higher-profiles, making the threat actors free enough for chasing more lucrative targets as well as leveraging stolen databases far more efficaciously.

Dridex perpetrators served their Trojan to victims through Microsoft Office files containing malevolent macro scripts. These malware-tainted Office files were targeted at business organizations even as the Dridex spam was made lower in volume.

According to the researchers, as different from earlier Dridex campaigns, which conducted widespread distribution of massive amounts of spam mails globally, the latest activities of the banker Trojan concentrates chiefly on spreading Locky the thriving ransom software. Dridex was further observed as attacking point of sale devices, posted ibtimes.co.uk online dated August 20, 2016.

Now with an increase yet again of Dridex spam, it seems preparations are on for conducting the malware's distribution more broadly to target various nations across the world.

And with one more indication of Dridex crew leveraging their ware, the researchers at ProofPoint state they have discovered the gang employing Neutrino an attack toolkit for delivering the Trojan. This tactic is new for the group which it didn't apply within many of its campaigns earlier. The attack toolkit spam outbreak was made to target users in UK and Switzerland.

Dridex owners, ProofPoint says, are continuing to make money out of their malware by attacking only few large organizations, several providing financial services.

» SPAMfighter News - 8/24/2016