Wednesday, 29 October 2014

Dridex Banking Trojan Is Spreading Via MS Word Document


After Hack Intel reported on the return of the Dyre malware in phishing campaigns, another report says that cyber criminals are using Dridex, a banking Trojan, to steal sensitive information from internet users.

Dridex is an enhanced form of a malware formerly known as Cridex/Geodo/Feodo. The Trojan is used for stealing banking credentials from the victim's computer, cyber security firm Palo Alto Networks reports.

Previously, Dridex was mainly distributed as EXE files sent via email. But as the report shows, the attackers are now using macros placed inside innocent-looking Microsoft Word documents.

The infected files contain macros carrying complex malicious code written by the attackers in Visual Basic for Applications (VBA). When the macro runs, it downloads an EXE file onto the victim's computer from one of the URLs the attackers predefined in it.
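As an added example (not code from the article or from Palo Alto Networks), here is a small Python triage helper that flags Word files carrying a VBA project, the delivery vector described above; the constructed sample package and the storage-name heuristic used for legacy binary .doc files are assumptions of this example.

```python
"""Triage helper: flag Word documents that carry a VBA macro project."""
import io
import zipfile

OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"   # legacy binary .doc container (OLE2)
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML container (.docx/.docm)


def _ooxml_macro_parts(data: bytes) -> list:
    """Return the names of VBA project parts inside an OOXML package."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return [n for n in z.namelist() if n.lower().endswith("vbaproject.bin")]


def _ole_has_macro_storage(data: bytes) -> bool:
    """Heuristic (assumption, not a full OLE parse) for legacy .doc files: look for
    the macro storage names as they appear in the OLE directory (UTF-16LE, NUL-terminated)."""
    for name in ("Macros", "_VBA_PROJECT"):
        if name.encode("utf-16-le") + b"\x00\x00" in data:
            return True
    return False


def classify(data: bytes) -> dict:
    """Verdict for one file's bytes: container type, macro presence, macro part names.
    Unrecognised containers are reported as unknown rather than guessed."""
    if data.startswith(ZIP_MAGIC):
        parts = _ooxml_macro_parts(data)
        return {"container": "ooxml", "has_macro": bool(parts), "parts": parts}
    if data.startswith(OLE_MAGIC):
        return {"container": "ole", "has_macro": _ole_has_macro_storage(data), "parts": []}
    return {"container": "unknown", "has_macro": False, "parts": []}


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML package, optionally with a vbaProject.bin part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # A real vbaProject.bin is itself an OLE2 file; a header plus padding suffices here.
            z.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 64)
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("clean.docx", build_sample(False)), ("sample.docm", build_sample(True))):
        print(label, classify(blob))
```

Files flagged with `has_macro` are candidates for sandboxing or blocking at the mail gateway; the OLE check is a string heuristic and should be confirmed with a proper OLE parser before acting on it.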

The downloaded malware is hosted on a legitimate website that the attackers previously compromised in order to use it as a storage location. Dridex uses an XML-based file to decide which website to connect to, and it completes the connection to the command and control server over HTTP.

The victims are mainly in the United States, while several cases were reported from the UK, Taiwan, the Netherlands, Canada, Australia and Belgium as well.

Abuse.ch, the organisation researching Dridex, found in September that the creators of Dridex update their working version within a short period of time. Palo Alto also noticed that the usage of Dridex decreased considerably between July and August, which means that the hackers may already have started working on their next version of Dridex.

Ryan Olson, intelligence director at Palo Alto Networks, advises disabling macros in MS Word to be on the safe side from Dridex. He said that disabling macros in MS Word, except for those from trusted sources, is always a good practice for large organisations, as macro-based malware is common in email scams and phishing campaigns.
