The US Computer Emergency Readiness Team (US-CERT) has issued a warning on the Dyre banking malware.
It warned that, since mid-October 2014, a phishing campaign has targeted a wide variety of recipients while employing the Dyre/Dyreza banking malware, and elements vary from target to target including senders, attachments, exploits, themes, and payloads.
“The Dyre banking malware specifically targets sensitive user account credentials,” it said. “The malware has the ability to capture user login information and send the captured data to malicious actors. Phishing emails used in this campaign often contain a weaponised PDF attachment which attempts to exploit vulnerabilities found in unpatched versions of Adobe Reader. A system infected with Dyre banking malware will attempt to harvest credentials for online services, including banking services.”
Last month, Salesforce sent a warning to users about the malware, saying it had no evidence that any customers had been impacted, and we are continuing our investigation, but early detections of it were that it works similar to ZeuS and supports browser hooking for Internet Explorer, Chrome and Firefox and harvests data at any point an infected user connects to the targets specified in the malware.
Rajneesh Chopra, vice president of product management at Netskope, said: “The vector for spreading this malware has been a phishing email in which the user was lured to click on a link to ostensibly download a file – typically an .exe or a .scr file that is zipped.
“Once installed, the malware applies a browser hooking technique to intercept traffic before it is encrypted, thereby enabling it to redirect that traffic to a different website than the user intends.”
Join the IT Security Guru for the next webcast on Thursday 30th October at 11am, where we discuss ‘The Next Great Threat to Security’ and dealing with major flaws https://t.co/V5dWgXcLMY
