Dyre Malware Is Back In Phishing Game: US-CERT Reports
US-CERT, the United States Computer Emergency Readiness Team, an undertaking of the Department of Homeland Security, warns that Dyre malware, which specializes in stealing user credentials for banks and online services, is back again in a phishing campaign.
Dyre malware is known for its capability of harvesting user credentials from victims' systems. The malware was first discovered in June targeting large financial companies. It was last spotted active in a campaign against Salesforce.com.
"Since mid-October 2014, a phishing campaign has targeted a wide variety of recipients while employing the Dyre/Dyreza banking malware," US-CERT said. "Elements of this phishing campaign vary from target to target including senders, attachments, exploits, themes, and payload(s). Although this campaign uses various tactics, the actor’s intent is to entice recipients into opening attachments and downloading malware."
The malware is spreading via malicious PDF attachments that take advantage of CVE-2013-2729 and CVE-2010-0188 in unpatched versions of Adobe Reader.
The emails associated with the campaign use the misspelled subject line "Unpaid invoic" as well as the attachment "Invoice621785.pdf".
To install itself in the system folder, the malware copies itself to C:\Windows\[RandomName].exe and creates a service named "Google Update Service" by setting the following registry keys:
- HKLM\SYSTEM\CurrentControlSet\Services\googleupdate\ImagePath: "C:\WINDOWS\pfdOSwYjERDHrdV.exe"
- HKLM\SYSTEM\CurrentControlSet\Services\googleupdate\DisplayName: "Google Update Service"
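One way a defender can sweep an exported Services hive for the persistence pattern above (a spoofed "Google Update Service" display name whose ImagePath points at a binary dropped directly in the Windows directory), written here as an added example that is not from US-CERT or the article. The sample export and the benign Print Spooler entry are constructed, the parser assumes the standard `reg export` (.reg) file format, and the Windows root is assumed to be C:\Windows.

```python
import re
from pathlib import PureWindowsPath
# Constructed sample of a `reg export` of the Services hive: the Dyre entry
# described in the alert plus a benign Print Spooler service for contrast.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\googleupdate]
"DisplayName"="Google Update Service"
"ImagePath"="C:\\WINDOWS\\pfdOSwYjERDHrdV.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"DisplayName"="Print Spooler"
"ImagePath"="C:\\WINDOWS\\System32\\spoolsv.exe"
'''
SERVICE_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\([^\\\]]+)\]$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"([^"]+)"="((?:[^"\\]|\\.)*)"$')
WINDOWS_DIR = PureWindowsPath("C:/Windows")  # assumed system root; adjust per host

def parse_services(reg_text):
    """Return {service_name: {value_name: data}} from a .reg export of the Services hive."""
    services, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = SERVICE_KEY_RE.match(line)
        value = VALUE_RE.match(line)
        if key:
            current = key.group(1)
            services[current] = {}
        elif value and current is not None:
            # .reg data escapes backslashes and quotes with a backslash; undo that
            services[current][value.group(1)] = re.sub(r"\\(.)", r"\1", value.group(2))
    return services

def executable_from_image_path(image_path):
    """Reduce an ImagePath value (possibly quoted or followed by arguments) to the .exe path."""
    path = image_path.strip()
    if path.startswith('"'):
        return path[1:].split('"', 1)[0]
    end = path.lower().find(".exe")
    return path[:end + 4] if end != -1 else path.split(" ", 1)[0]

def find_dyre_persistence(services):
    """Return [(service, exe)] where a spoofed Google Update name meets a binary in the Windows root."""
    hits = []
    for name, values in services.items():
        exe = executable_from_image_path(values.get("ImagePath", ""))
        spoofed_name = values.get("DisplayName", "").strip().lower() == "google update service"
        dropped_in_windows_root = PureWindowsPath(exe).parent == WINDOWS_DIR  # case-insensitive
        if spoofed_name and dropped_in_windows_root:
            hits.append((name, exe))
    return hits
```

Path comparison uses PureWindowsPath so "C:\WINDOWS" and "C:\Windows" match; on a live host, feed the function the output of `reg export HKLM\SYSTEM\CurrentControlSet\Services` instead of the constructed sample.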
Instead of banking trojans such as Zeus, malware developers are now building this kind of malware to gain access to systems in the healthcare, retail, software and other industries in order to steal user credentials. It becomes a major threat when the stolen data are used for identity theft to commit wire fraud.
Such developers are dirtying their hands further by extending existing malware with more features. Nowadays malware can present certificates from a trusted Certificate Authority to encrypt command-and-control communications between the trojan and its master server, and carries a "browser snapshot" feature that collects cookies. It can also produce client-side certificates and private keys used by Internet Explorer and Firefox.
So it is clear that malware has become a serious cyber threat to companies as well as to ordinary internet users. US-CERT advises people not to click any suspicious link, or to check it with a secure link checker offered by many third-party websites before clicking it.
Source: US-CERT Documentation