Message: US-CERT Alert

Home Message Groups Fidonet Anti-Virus Discussion & NewsReading Messages
Who's Online Login New User Message Groups
Main DOVE-Net BattlNet GatorNet Fidonet ILink DoRENET League 10 CombatNet
File Libraries
Subject:
US-CERT Alert
Date:
Tue Oct 13 2015 09:39 am
From:
Ben Ritchey
To:
All
NCCIC / US-CERT

National Cyber Awareness System:

TA15-286A: Dridex P2P Malware
10/13/2015 07:23 AM EDT


Original release date: October 13, 2015

Systems Affected
Microsoft Windows

Overview

Dridex, a peer-to-peer (P2P) bank credential-stealing malware, uses a
decentralized network infrastructure of compromised personal computers and web
servers to execute command-and-control (C2). The United States Department of
Homeland Security (DHS), in collaboration with the Federal Bureau of
Investigation (FBI) and the Department of Justice (DOJ), is releasing this
Technical Alert to provide further information about the Dridex botnet.

Description
Dridex is a multifunctional malware package that leverages obfuscated macros in 
Microsoft Office and extensible markup language (XML) files to infect systems.
The primary goal of Dridex is to infect computers, steal credentials, and
obtain money from victimsÆ bank accounts. Operating primarily as a banking
Trojan, Dridex is generally distributed through phishing email messages. The
emails appear legitimate and are carefully crafted to entice the victim to
click on a hyperlink or to open a malicious attached file. Once a computer has
been infected, Dridex is capable of stealing user credentials through the use
of surreptitious keystroke logging and web injects.

Impact

A system infected with Dridex may be employed to send spam, participate in
distributed denial-of-service (DDoS) attacks, and harvest users' credentials
for online services, including banking services.

Solution
Users are recommended to take the following actions to remediate Dridex
infections:

Use and maintain anti-virus software - Anti-virus software recognizes and
protects your computer against most known viruses. Even though Dridex is
designed to evade detection, security companies are continuously updating their 
software to counter these advanced threats. Therefore, it is important to keep
your anti-virus software up-to-date (see Understanding Anti-Virus Software for
more information).
Change your passwords - Your original passwords may have been compromised
during the infection, so you should change them (see Choosing and Protecting
Passwords for more information).
Keep your operating system and application software up-to-date - Install
software patches so that attackers can't take advantage of known problems or
vulnerabilities. Many operating systems offer automatic updates. You should
enable automatic updates if this option is available (see Understanding Patches 
for more information).
Use anti-malware tools - Using a legitimate program that identifies and removes 
malware can help eliminate an infection. Users can consider employing a
remediation tool (examples below) to help remove Dridex from your system.
       F-Secure

       https://www.f-secure.com/en/web/home_global/online-scanner

       McAfee

       http://www.mcafee.com/uk/downloads/free-tools/stinger.aspx

       Microsoft

       http://www.microsoft.com/security/scanner/en-us/default.aspx

       Sophos

       https://www.sophos.com/en-us/products/free-tools/virus-removal-tool.aspx

       Trend Micro

       http://housecall.trendmicro.com/

The above are examples only and do not constitute an exhaustive list. The U.S.
Government does not endorse or support any particular product or vendor.

References
N/A
Revision History
Initial Publication - October 13, 2015

------------------------------------------------------------------------------- 
-

This product is provided subject to this Notification and this Privacy & Use
policy.


------------------------------------------------------------------------------- 
-
A copy of this publication is available at www.us-cert.gov. If you need help or 
have questions, please send an email to info@us-cert.gov. Do not reply to this
message since this email was sent from a notification-only address that is not
monitored. To ensure you receive future US-CERT products, please add
US-CERT@ncas.us-cert.gov to your address book.
OTHER RESOURCES:
Contact Us | Security Publications | Alerts and Tips | Related Resources
STAY CONNECTED:
Sign up for email updates

SUBSCRIBER SERVICES:
Manage Preferences  |  Unsubscribe  |  Help


------------------------------------------------------------------------------- 
-
This email was sent to Fido4cmech@lusfiber.net using GovDelivery, on behalf of: 
United States Computer Emergency Readiness Team (US-CERT) ╖ 245 Murray Lane SW
Bldg 410 ╖ Washington, DC 20598 ╖ (888) 282-0870 Powered by GovDelivery

=== Cut ===


--
Guardien Fide   :^)

   Ben  aka cMech  Web: http://cmech.dynip.com
                 Email: fido4cmech(at)lusfiber.net
              Home page: http://cmech.dynip.com/homepage/
           WildCat! Board 24/7  +1-337-984-4794  any BAUD 8,N,1

--- GoldED+/W32-MSVC
 * Origin: FIDONet - The Positronium Repository (1:393/68)
Section One BBS
