Dridex malware busting bursting British business bank balances

IBM threat analyst Limor Kessem says the Dridex trojan has been revamped and for the last fortnight has targeted rich UK bank accounts in an expensive and well-resourced campaign. The gang behind the malware, dubbed Evil Corp, released the update to Dridex, detected on 6 January, so that it would go after the richest British …

  1. g00se
    WTF?

    Lower wool content for sec issues please

    and is detected by only a handful of antivirus platforms.

    WHICH handful?

    1. dan-o

      Re: Lower wool content for sec issues please

      As Dridex, Dyre and other variants of that family of malware morph, the signature/pattern-based a/v tools miss them completely, including email gateway and desktop vendors including F-Secure, McAfee, and probably others. These are not zero-hour issues, they are closer to zero-minute issues that are exceedingly good at getting around pattern-based and zero-hour layers of controls. The signature-based vendors will catch up, but by then many will have been delivered and some malicious attachments will have been opened and systems compromised. I won't pimp for the vendor we engaged with, but newer techniques in the email security space are providing another layer of protection to temp-quarantine and examine these in controlled environments which are collecting global data in real time to determine if these are malicious or not. That seems to have helped a great deal, but some (far less than before) will still be delivered because of how rapidly these are changing.

  2. Anonymous Coward

    The gang behind the malware, dubbed Evil Corp.....

    Someone's been watching Mr Robot......

    1. Roq D. Kasba

      Re: The gang behind the malware, dubbed Evil Corp.....

      Do you think they call themselves Evil Corp? If so, just arrest everyone with an Evil Corp name badge within the square mile, job done.

  3. Anonymous Coward

    I assume this needs a web based e-mail program, or at least one that displays html documents for this to work.

    If that is the case the answer is simple, and it would dramatically cut the garbage: just use a text-based e-mail program. That will show all the incorrect URLs. If using a text-based e-mail program is impossible, at least force the display of the full e-mail headers.

    The other part of the problem is those in top management generally think they know it all, especially when they know nothing about technology.

    1. Doctor Syntax

      "I assume this needs a web based e-mail program, or at least one that displays html documents for this to work."

      Probably not. I don't know about you but I find that spam that claims to be an invoice actually has the alleged invoice in an attachment. Even if the enclosing email is plain text and read in a text-based browser, anyone who actually thinks it's an invoice they have to look at is going to try to open the attachment, and that's the dangerous act.

      "those in top management"

      Those in top management might well be the source of a good deal of harm but this type of attack is likely to be aimed at accounts staff. They deal with invoices and banking.

    2. dan-o

      These malware families do not require an HTML mail client to create a compromise; the payloads are in common attachments including MS Office docs, PDFs etc., and once opened from any kind of client, on at least Windows boxes, they're off to the races.

  4. Anonymous Coward

    Top three worst banking malware families?

    "Dridex is a strain of banking malware that leverages macros in Microsoft Office to infect systems."

    http://www.webopedia.com/TERM/D/dridex-malware.html

    Comment Rejected :)
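The two points the commenters circle around, that the payload rides in an Office attachment carrying a VBA macro (dan-o's reply and the Webopedia line quoted above) and that a hash or signature check is defeated the moment the sample is altered (dan-o's earlier reply on morphing variants), can both be shown with a structural check rather than a signature. The script below is an added example written for this page; it is not code from The Register, IBM or any of the commenters. It constructs a sample invoice e-mail with three Office-style attachments in memory (the containers are minimal OOXML zip packages built here, not real Word files), walks the MIME parts the way a gateway filter would, and flags any OOXML attachment whose package contains a VBA project part, regardless of the file's hash. Legacy OLE2 `.doc` files (which the real Dridex spam also used) cannot be opened without an OLE parser such as `olefile`, so they are reported as unparsed rather than silently passed. All names, addresses and contents are constructed.

```python
"""Structural VBA-macro check for Office attachments in a MIME message (constructed example)."""
from __future__ import annotations

import hashlib
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

OOXML_MAGIC = b"PK\x03\x04"                              # OOXML (.docm/.xlsm/...) is a zip package
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"         # legacy binary .doc/.xls container
VBA_PART = "vbaProject.bin"                             # part name that only exists with a VBA project
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"


def build_ooxml(with_macro: bool, variant: str) -> bytes:
    """Build a minimal constructed OOXML package; `variant` changes the bytes so hashes differ."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        ct = ['<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">',
              '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>']
        if with_macro:
            ct.append('<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>')
        ct.append("</Types>")
        z.writestr("[Content_Types].xml", "".join(ct))
        z.writestr("word/document.xml", f"<w:document><!-- {variant} --></w:document>")
        if with_macro:
            # Stand-in for the OLE2 stream that holds compiled VBA in a real document.
            z.writestr("word/" + VBA_PART, OLE2_MAGIC + b"\x00" * 16)
    return buf.getvalue()


def office_has_macros(data: bytes) -> bool:
    """True when `data` is an OOXML package that carries a VBA project part."""
    if not data.startswith(OOXML_MAGIC):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            if any(n.endswith(VBA_PART) for n in names):
                return True
            # The content-types manifest declares the VBA part even if it was renamed.
            if "[Content_Types].xml" in names:
                return VBA_CONTENT_TYPE in z.read("[Content_Types].xml")
    except zipfile.BadZipFile:
        return False
    return False


def classify_attachment(data: bytes) -> str:
    """Gateway verdict: 'macro', 'clean', or 'ole2-unparsed' for legacy files we cannot inspect here."""
    if data.startswith(OLE2_MAGIC):
        return "ole2-unparsed"
    return "macro" if office_has_macros(data) else "clean"


def scan_message(raw: bytes) -> list[tuple[str, str, str]]:
    """Walk a raw RFC 5322 message; return (filename, verdict, sha256 prefix) per attachment."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    results = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "(unnamed)"
        results.append((name, classify_attachment(data), hashlib.sha256(data).hexdigest()[:12]))
    return results


def build_message(attachments: dict[str, bytes]) -> bytes:
    """Constructed invoice-themed mail; the body is plain text on purpose, the risk is the attachment."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "payables@example.invalid"
    msg["Subject"] = "Invoice 2016-0107"
    msg.set_content("Please find attached the outstanding invoice.")
    for name, data in attachments.items():
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return bytes(msg)


if __name__ == "__main__":
    variant_a = build_ooxml(True, "build a")
    variant_b = build_ooxml(True, "build b")   # one comment changed: new hash, same VBA part
    benign = build_ooxml(False, "terms")
    raw = build_message({"invoice_a.docm": variant_a, "invoice_b.docm": variant_b, "terms.docx": benign})
    for name, verdict, digest in scan_message(raw):
        print(f"{name:16} {verdict:14} sha256={digest}")
```

The two macro-bearing variants have different digests, so a hash blocklist that knows one misses the other, while the structural check flags both; the benign `.docx` passes. In a real gateway this verdict would feed the quarantine-and-detonate step dan-o describes rather than replace it, and a proper deployment would add an OLE2 parser so `.doc` attachments get inspected instead of merely marked unparsed.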
