Despite usually being distributed in spam and phishing emails, the Dyre/Dyreza malware has the same capabilities as a targeted attack.
According to Peter Kruse, partner and eCrime specialist at CSIS Security Group, although Dyreza has primarily been targeting US businesses, it is now targeting the unpatched flaw in Microsoft Windows. Kruse told IT Security Guru that this will make it a lot more efficient in compromising hosts.
He said: “Dyreza has proven to be a classic ‘crime as a service’ setup. We already foresaw that in our very first analysis of the malware. This always explains why some bad actors are targeting different banks and companies. Basically with a tool like Dyreza, you have the power and capabilities of an APT.”
Asked if this had the same capability as major banking malware such as Zeus, Kruse said it was similar, but much more advanced and with very low anti-virus detection at the time of distribution. “Calculated on the amount of spam mails, I would call it a widespread and prevalent threat,” he said.
According to analysis by CSIS, Dyreza targets several banks in Switzerland and has command and control nodes based in France.
Asked why he felt that the US CERT issued a warning about malware which is being distributed by spam messages, Kruse said: “I guess recent spam waves have increased its prevalence in the US and thus they had to issue an alert.”