The Dyre malware is yet again targeting online banking users by stealing their credentials. This time it is making use of a phishing campaign, says US-CERT.
According to US-CERT, a phishing campaign has targeted a wide variety of recipients using the Dyre/Dyreza banking malware. The phishing emails used in this campaign include a PDF attachment named Invoice621785.pdf. These malicious PDF attachments take advantage of unpatched versions of Adobe Reader, attempting to exploit known vulnerabilities in the reader (CVE-2013-2729 and CVE-2010-0188).
If the exploit succeeds, the malware copies itself to C:\Windows\[RandomName].exe. It also downloads additional malware onto the user's system from hxxp://rlmclahore.com/Resources/Search/1510out[.]exe.
A system infected with Dyre will attempt to steal credentials used for online services, including banking services. Security researchers first spotted this malware in June, when it was targeting large financial institutions worldwide. Last month, the malware was observed going after user credentials for Salesforce.com.
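As an added example (not code from the original post, US-CERT or eScan), the following Python scanner refangs the indicators quoted above and runs them over constructed mail-gateway and proxy log lines. The `Invoice<digits>.pdf` pattern is an assumption prompted by the reader comment below that the invoice file name varies.

```python
import re

# Indicators quoted from the advisory above, kept in the defanged form the post
# uses; refang() turns them back into strings that match real log text.
DEFANGED_IOCS = {
    "attachment": "Invoice621785.pdf",
    "payload_url": "hxxp://rlmclahore.com/Resources/Search/1510out[.]exe",
}

def refang(value: str) -> str:
    """Undo common defanging (hxxp, [.], [:]) so the indicator matches real logs."""
    return value.replace("hxxp", "http").replace("[.]", ".").replace("[:]", ":")

PAYLOAD_URL = refang(DEFANGED_IOCS["payload_url"])
PAYLOAD_HOST = re.match(r"https?://([^/]+)/", PAYLOAD_URL).group(1)
# Assumption: the commenter notes the invoice name varies, so any Invoice<digits>.pdf
# attachment is flagged as a weaker "review" signal rather than a confirmed match.
INVOICE_PDF = re.compile(r"\bInvoice\d+\.pdf\b", re.IGNORECASE)

def scan_line(line: str) -> list:
    """Return the reasons one log line matches the advisory's indicators."""
    low = line.lower()
    reasons = []
    if DEFANGED_IOCS["attachment"].lower() in low:
        reasons.append("attachment name from advisory")
    elif INVOICE_PDF.search(line):
        reasons.append("invoice-style PDF attachment (review)")
    if PAYLOAD_URL.lower() in low:
        reasons.append("exact second-stage download URL")
    elif PAYLOAD_HOST.lower() in low:
        reasons.append("second-stage download host")
    return reasons

def scan_logs(lines: list) -> list:
    """Keep only the lines that matched, paired with their reasons."""
    return [(line, scan_line(line)) for line in lines if scan_line(line)]

# Constructed sample lines (not real logs): two mail-gateway attachment records,
# one proxy record for the second-stage download and one benign proxy record.
SAMPLE_LOGS = [
    "mailgw attach from=billing@example.test to=user@corp.test name=Invoice621785.pdf size=48211",
    "mailgw attach from=ap@example.test to=user2@corp.test name=Invoice9981.pdf size=51020",
    "proxy user=corp\\user dst=rlmclahore.com url=http://rlmclahore.com/Resources/Search/1510out.exe status=200",
    "proxy user=corp\\user dst=www.example.org url=http://www.example.org/index.html status=200",
]

if __name__ == "__main__":
    for line, reasons in scan_logs(SAMPLE_LOGS):
        print(f"{'; '.join(reasons)}: {line}")
```

A host-only match deserves a look even without the exact path, since the second-stage file name can change while the hosting site stays the same.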
According to US-CERT, users and administrators should follow basic security steps to stay protected from this malware:
- Maintain up-to-date anti-virus software.
- Keep your operating system and software up-to-date with the latest patches.
- Do not follow unsolicited web links in email.
- Use caution when opening email attachments.
- Follow safe practices when browsing the web.
eScan suggests the following preventive measures to avoid falling prey to such attacks:
- Learn to identify phishing emails: such mails are often filled with grammatical errors and written in awkward English.
- Never respond to emails or messages from unknown senders that have “undisclosed recipients” in the address line.
- Do not click on links in the mail; if you need to visit the site, type the address into another browser tab to see what it contains.
- Never provide credit card details, bank account numbers or passwords to an unknown or fake site.
However, for complete protection from spam and phishing emails, get the free trial of eScan Total Security Suite with Cloud Security here: https://bit.ly/1rLWjxg
One Comment
Sushant
Good read. Although there isn’t any specific name to the invoice file like you mentioned. The email contains either an invoice or federal tax info linking the receivers of this email to Cubby (cloud storage similar to Dropbox). When people open the file, the email infects the system.