Security Researchers Discover Admin Panel of Dridex, Leverage Vulnerability and Hijack Backend

The widely known Dridex a banker Trojan has been hijacking PCs via the contamination of always existent macros inside the MS Office suite. People know Dridex as capturing banking credentials and personal information once it compromises the system by camouflaging certain attachment as having Microsoft Word file delivered through a junk e-mail. Subsequently, the malware delivers ransomware onto target PCs for garnering bitcoin ransom payments that results in more destruction for the victims.

According to Buguroo a security vendor based in Spain, it recently managed in using an astonishingly easily exploitable vulnerability within Dridex's command-and-control infrastructure for acquiring the knowledge of what way exactly cyber-criminals use this malware. Studying the alerts with greater intensity, the researchers discovered a Dridex administrative panel's IP address, with the panel hard-coded within some malevolent JavaScript files employed for compromising the victim computer's Web-browser.

Dridex authors execute attacks in an enormously sized scale; therefore, they maintain many smaller infrastructures for this massive botnet. Security researchers have named these fractured infrastructures subnets. Because of subnets, security firms find it more difficult for identifying Dridex's operations. Similarly they find it more difficult for sinkholing the overall botnet infrastructure.

Security investigators from Buguroo were able in finding one Dridex section's admin panel that was earlier called Subnet 220. Luckily this subnet had an active Dridex backend of an older edition within which a few vulnerabilities had already been found.

Apart from capturing banking credentials, Dridex is getting used more-and-more for capturing credit card details through a mechanism called Automatic Transfer System, states Ferrezuelo. Buguroo in its research paper as well notes that cyber-crooks are currently utilizing Dridex's infrastructure for disseminating Locky ransomware. Darkreading.com posted this, April 8, 2016.

According to the security investigators, Dridex criminals work within short-burst outbreaks that they launch in multiple numbers after different intervals. Overall, they garner 16,000 card numbers during a single outbreak from which approximately $500 is stolen out of each victim.

Because these illegal monetary dealings are identified and blocked at banks within 90% of instances, it implies crooks collect $800,000-or-so per outbreak. For now, it's advisable that users don't open any electronic mail having dubious attachment.

» SPAMfighter News - 4/15/2016