

Dridex's Upgraded Version, Dridex v4, Adopts AtomBombing


IBM X-Force recently found that Dridex, a highly malicious banking Trojan that is strongly active in online financial crime, has undergone a major version upgrade and is heavily targeting Internet banking users across Europe.


Just weeks ago, IBM X-Force's cyber-crime laboratory identified a new and very important variant of Dridex, Dridex v4. The modified malware injects itself using a fresh and innovative technique named AtomBombing, which the security company enSilo first described in October 2016.


Dridex is the only bank information-stealing malware that uses AtomBombing. The change is particularly important because it involves a Trojan believed to be operated by a well-organized cyber-crime gang, which could lead other malware to adopt the same technique in the future. Securityintelligence.com posted this on February 28, 2017.


In its previous attacks, Dridex characteristically watched the traffic of victims browsing banking websites in order to steal account and login information. The greatest change in Dridex v4 is its code injection technique. According to researchers, anti-virus and other security software monitors code injection very closely. The injection methods used by earlier Dridex variants have become too common and too easy to detect. That is what compelled the cyber gang to employ the AtomBombing method in Dridex v4.


AtomBombing is a different kind of approach: a code injection tactic that does not depend on the easily detectable API calls that earlier Dridex variants employed. With the AtomBombing method, Dridex v4 performs code injection without those API calls.


The researchers explain that an attacker can write malicious code into an atom table and force a legitimate program to retrieve it from there.


According to X-Force, Dridex simply calls NtProtectVirtualMemory from the injection procedure to change the memory in which its payload already resides to read/write/execute. Dridex then uses a Windows asynchronous mechanism to run the payload.
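A defender-side illustration of the behaviour described above, added here and not taken from the original article or from IBM X-Force: it scans constructed telemetry for a process that calls NtProtectVirtualMemory to turn non-executable memory in a different process into read/write/execute memory. The event schema, field names, process names and sample records are assumptions made for this example, as is the choice to treat "caller differs from target" as the signal.

```python
import json

# Windows page-protection values (winnt.h): every PAGE_EXECUTE* flag lives in 0xF0.
EXEC_MASK = 0xF0
WRITABLE_EXEC = 0x40 | 0x80  # PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY

# Constructed telemetry, one JSON object per line (hypothetical schema).
SAMPLE_EVENTS = """\
{"ts": "2017-03-01T10:00:01Z", "api": "NtProtectVirtualMemory", "caller_pid": 4120, "caller_image": "unknown_app.exe", "target_pid": 2288, "target_image": "explorer.exe", "old_protect": "0x04", "new_protect": "0x40"}
{"ts": "2017-03-01T10:00:03Z", "api": "NtProtectVirtualMemory", "caller_pid": 5312, "caller_image": "browser.exe", "target_pid": 5312, "target_image": "browser.exe", "old_protect": "0x04", "new_protect": "0x40"}
{"ts": "2017-03-01T10:00:05Z", "api": "NtProtectVirtualMemory", "caller_pid": 6004, "caller_image": "debugger.exe", "target_pid": 6100, "target_image": "app_under_test.exe", "old_protect": "0x04", "new_protect": "0x20"}
{"ts": "2017-03-01T10:00:07Z", "api": "NtAllocateVirtualMemory", "caller_pid": 4120, "caller_image": "unknown_app.exe", "target_pid": 2288, "target_image": "explorer.exe", "old_protect": "0x00", "new_protect": "0x04"}
{"ts": "2017-03-01T10:00:09Z", "api": "NtProtectVirtualMemory", "caller_pid": 4120
"""

def remote_rwx_alerts(raw):
    """Return one alert per cross-process change from non-executable to writable+executable."""
    alerts = []
    for lineno, line in enumerate(raw.splitlines(), 1):
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            old = int(ev["old_protect"], 16)
            new = int(ev["new_protect"], 16)
            caller, target = ev["caller_pid"], ev["target_pid"]
        except (ValueError, KeyError, TypeError):
            continue  # truncated or malformed record: skip it, do not crash the pipeline
        if ev.get("api") != "NtProtectVirtualMemory":
            continue
        cross_process = caller != target        # same-process RWX (e.g. a JIT) is out of scope
        becomes_wx = bool(new & WRITABLE_EXEC)  # modifier bits such as PAGE_GUARD are ignored
        was_exec = bool(old & EXEC_MASK)
        if cross_process and becomes_wx and not was_exec:
            alerts.append({"line": lineno, "ts": ev.get("ts"),
                           "caller_image": ev.get("caller_image"),
                           "target_image": ev.get("target_image")})
    return alerts

if __name__ == "__main__":
    for alert in remote_rwx_alerts(SAMPLE_EVENTS):
        print("remote RWX protection change:", alert)
```

A rule like this is a triage signal rather than a verdict, since debuggers and some instrumentation tools also change protections in other processes.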


Over the years, the attackers behind the Dridex Trojan, employing various versions, have been utterly persistent. And although the number of attacks has varied, the malware's innovation has been constant.

» SPAMfighter News - 3/2/2017
