Executive Summary

Informations
Name TA15-286A First vendor Publication 2015-10-13
Vendor US-CERT Last vendor Modification 2015-10-13
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score Not Defined Attack Range Not Defined
Cvss Impact Score Not Defined Attack Complexity Not Defined
Cvss Expoit Score Not Defined Authentication Not Defined
Calculate full CVSS 2.0 Vectors scores

Detail

Overview

 

Dridex, a peer-to-peer (P2P) bank credential-stealing malware, uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control (C2). The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), is releasing this Technical Alert to provide further information about the Dridex botnet.

 

Description


Dridex is a multifunctional malware package that leverages obfuscated macros in Microsoft Office and extensible markup language (XML) files to infect systems. The primary goal of Dridex is to infect computers, steal credentials, and obtain money from victims’ bank accounts. Operating primarily as a banking Trojan, Dridex is generally distributed through phishing email messages. The emails appear legitimate and are carefully crafted to entice the victim to click on a hyperlink or to open a malicious attached file. Once a computer has been infected, Dridex is capable of stealing user credentials through the use of surreptitious keystroke logging and web injects.


Impact


 

A system infected with Dridex may be employed to send spam, participate in distributed denial-of-service (DDoS) attacks, and harvest users' credentials for online services, including banking services.

 

Solution


Users are recommended to take the following actions to remediate Dridex infections:



  • Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses. Even though Dridex is designed to evade detection, security companies are continuously updating their software to counter these advanced threats. Therefore, it is important to keep your anti-virus software up-to-date (see Understanding Anti-Virus Software for more information).

  • Change your passwords - Your original passwords may have been compromised during the infection, so you should change them (see Choosing and Protecting Passwords for more information).

  • Keep your operating system and application software up-to-date - Install software patches so that attackers can't take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. You should enable automatic updates if this option is available (see Understanding Patches for more information).

  • Use anti-malware tools - Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool (examples below) to help remove Dridex from your system.


       F-Secure


       https://www.f-secure.com/en/web/home_global/online-scanner


       McAfee


       http://www.mcafee.com/uk/downloads/free-tools/stinger.aspx


       Microsoft


       http://www.microsoft.com/security/scanner/en-us/default.aspx


       Sophos


       https://www.sophos.com/en-us/products/free-tools/virus-removal-tool.aspx


       Trend Micro


       http://housecall.trendmicro.com/


The above are examples only and do not constitute an exhaustive list. The U.S. Government does not endorse or support any particular product or vendor.


Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA15-286A.html

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2015-10-13 17:19:53
  • First insertion