Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Dridex Botnets are still active and effective

The Dridex Banking Trojan has risen again despite the recent operation conducted by law enforcement on a global scale. Spam campaign relying on the Dridex malware continues to threaten banking users across the world despite the operations conducted by law enforcement on a global scale. We left Dridex malware spreading across the Europe, in particular targeting […]

Dridex Botnets are still active and effective

The Dridex Banking Trojan has risen again despite the recent operation conducted by law enforcement on a global scale.

Spam campaign relying on the Dridex malware continues to threaten banking users across the world despite the operations conducted by law enforcement on a global scale. We left Dridex malware spreading across the Europe, in particular targeting the customers of the banks in the UK. In October, the NCA has uncovered a series of cyber attacks based on a new strain of the Dridex banking trojan that allowed crooks to steal £20m in the UK alone.

dridex map

Now Dridex is once again in the headlines, spam emails containing the famous malware are continuing to target netizens despite the arrest of one of its botmasters in August.

A couple of weeks ago the experts at Palo Alto Networks confirmed that the overall volume of Dridex emails peaked nearly 100,000 per day, this new campaign already reached 20,000 emails, mostly targeting emails accounts in the UK.

“After Brian Krebs reported the September arrests of alleged key figures in the cyber crimegang that developed and operated Dridex, Unit 42 observed a marked decrease in activity related to this banking Trojan – at least until today.  Dridex re-entered the threat landscape with a major e-mail phishing campaign. Leveraging the Palo Alto Networks AutoFocus platform, we identified samples associated with this resurgence.” states Palo Alto in a blog post.

The U.S. Department of Justice said on Oct. 13 it was seeking the extradition of the Moldovan Andrey Ghinkul, he is accused of using the Dridex malware to steal US$10 million from U.S. companies and organizations.

Resuming Dridex has risen again, explained Brad Duncan, a security researcher with Rackspace.

“In early September 2015, we started seeing reports about arrests tied to Dridex malware.  About that time, we noticed a lack of botnet-based malicious spam (malspam) pushing Dridex malware.  During the month of September, Dridex disappeared from our radar.  By the beginning of October 2015, malspam pushing Dridex came back, and it’s continued since then.” Duncan wrote in a blog post on the Internet Storm Center. “This morning (Friday 2015-10-23) when I searched VirusTotal for #Dridex, I found more than 80 comments posted by at least a dozen individuals after the 2015-08-28 arrest.  These #Dridex comments covered 28 Word documents, 4 Excel spreadsheets, and 37 Win32 EXE files.  I also found 14 URLs tagged as #Dridex in the comments.”

If you searching more data on the Dridex botnet, give a look to the analysis published by the experts at Dell SecureWorks or the analysis published on the Dynamoo’s Blog and Techhelplist.com.

Stay tuned!

Pierluigi Paganini

(Security Affairs –  Dridex botnets, malware)