Dridex’s Upgrade Version Dridex v4 Adopts AtomBombing

IBM X-Force recently found the highly evil banker Trojan Dridex acting strong within the area of financial online crime undergoing robust version upgrade which's profusely targeting Internet bankers across Europe.

Just weeks back, the cyber-crime laboratory of IBM X-Force identified one novel veryimportant variant of Dridex as Dridex v4. This modified malware performs one fresh and innovative technique of injecting itself by using the method named AtomBombing that enSilo the security company first told of during October 2016.

Dridex happens to be the sole bank info-stealing malware which uses AtomBombing. Thechange with Dridex is particularly important at the time the change is with Trojans that believably a well-planned cyber-crime gang operated, since that can possibly cause other codes to imbibe the identical technique during forthcoming times.Securityintelligence.com posted this, February 28, 2017.

The Dridex in its previous attacks displayed characteristic act of watching over the trafficof its victim surfing banking websites so as to steal account and login info. But the latestDridex v4 exhibits the greatest change of code injection technique. According toresearchers, there's a very close monitoring of code injection by anti-virus as well as other
security software. The new injection methods that earlier Dridex variants perform aregetting too ordinary while easy to detect as well. That has what compelled cyber gangstowards employing the AtomBombing method within Dridex v4.

One different kind of approach, AtomBombing is that code injection tactic which does not depend on easily detectible API calls that earlier Dridex variants employed. In theAtomBombing method, Dridex v4 lets code injection devoid of the API calls.

The researchers describe that an attacker may incorporate malware into certain atom table while compel some legitimatesoftware towards recovering it from there.

'Dridex,' says X-Force, just summons NtProtectVirtualMemory from the injectionprocedure for altering the memory inside which its payload by then exists within theread/write/execute (memory). Consequently, Dridex is prompted for using the process called Windows asynchronous that runs the payload.

Down the years, Trojan Dridex's attackers employing various versions have been utterlystubborn. And though attacks have been in various numbers, the malware's innovations have been constant.

» SPAMfighter News - 3/2/2017