back to article Drydex malware busting bursting British business bank balances

IBM threat analyst Limor Kessem says the Dridex trojan has been revamped and for the last fortnight has targeted rich UK bank accounts in an expensive and well-resourced campaign. The gang behind the malware, dubbed Evil Corp, released the update to Dridex detected 6 January such that it would go after the richest British …

  1. g00se

    Lower wool content for sec issues please

    and is detected by only a handful of antivirus platforms.

    WHICH handful?

    1. dan-o

      Re: Lower wool content for sec issues please

      As Dridex =, Dyre and other variants of that family of malware morph, the signature/pattern-based a/v tools miss them completely, including email gateway and desktop vendors including F-secure, McAfee, and probably others. These are not zero-hour issues, they are closer to zero-minute issues that are exceedingly good at getting around pattern based and zero-hour layers of controls. The signature-based vendors will catch up, but by then many will have been delivered and some malicious attachments will have been opened and systems compromised. I won't pimp for the vendor we engaged with, but newer techniques in the email security space are providing another layer of protection to temp quarantine and examine these in controlled environments which are collecting global data in real time to determine if these are malicious or not. That seems to have helped a great deal, but some (far less than before) will still be delivered because of how rapidly these are changing.

  2. Anonymous Coward

    The gang behind the malware, dubbed Evil Corp.....

    Someone's been watching Mr Robot......

    1. Roq D. Kasba

      Re: The gang behind the malware, dubbed Evil Corp.....

      Do you think they call themselves Evil Corp? If so, just arrest everyone with an Evil Corp name badge within the square mile, job done.

  3. Anonymous Coward
    Anonymous Coward

    I assume this needs a web based e-mail program, or at least one that displays html documents for this to work.

    If that is the case the answer is simple, and it would cut dramatically the garbage, - just use a text based e-mail program. That will show all the incorrect URLs. If using a text based e-mail program is impossible at least force the display of the full e-mail headers.

    The other part of the problem is those in top management generally think they know it all, especially when they know nothing about technology.

    1. Doctor Syntax Silver badge

      "I assume this needs a web based e-mail program, or at least one that displays html documents for this to work."

      Probably not. I don't know about you but I find that spam that claims to be an invoice actually has the alleged invoice in an attachment. Even if the enclosing email is plain text and read in a text-based browser anyone who actually thinks it's an invoice they have to look at it is going to try to open the attachment and that's the dangerous act.

      "those in top management"

      Those in top management might well be the source of a good deal of harm but this type of attack is likely to be aimed at accounts staff. They deal with invoices and banking.

    2. dan-o

      These malware families do not require an HTML mail client to create a compromise, the payloads are in common attachments including MS Office Docs, PDF's etc, and once opened from any kind of client on at least windows boxes, they're off to the races.

  4. Anonymous Coward

    Top three worst banking malware families?

    "Dridex is a strain of banking malware that leverages macros in Microsoft Office to infect systems."

    Comment Rejected :)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like