Mystery hacker hijacks Dridex Trojan botnet... to serve antivirus installer

Part of the distribution channel of the Dridex banking Trojan botnet may have been hacked, with malicious links replaced by installers for Avira Antivirus. Avira reckons the pwnage is down to the work of an unknown white hat hacker. The Dridex botnet has remained a menace even after a high profile takedown operation in late …

  1. This post has been deleted by its author

    1. Anonymous Coward

      Yes, in the future we could have an "Oh, noooooes" situation but somehow I find that unlikely. Far more likely is a tit for tat war between criminal groups and this is the first shot in such a battle. Not the first time either.

    2. MiguelC Silver badge

      At least whoever gets the Avira AV install sees that something is seriously wrong with their PC.

      1. x 7

        To be truthful, Avira isn't too bad as an AV. I'm not sure of recent stats, but historically most months they were in the top 3 or 4 in the AV rankings, similar to Avast, and constantly beating Norton/McAfee and a host of others.

  2. Starace
    Black Helicopters

    Next iteration

    For their next trick, they patch the link to install Windows 10.

    1. Lord_Beavis

      Re: Next iteration

      Did you mean to remove the link for installing Windows 10, or to make it install Windows 10?

  3. Michael Thibault

    >Turn-about is fair play. Still illegal, but fair play.

  4. Robert Moore


    I have thought about doing this so many times.

    If whoever did this is reading this message, have a pint on me. :)

    Nice work.

    1. Anonymous Coward

      Re: Finally

      Before now, when getting a spam inviting me to click on a link to a fake PayPal or eBay login page on a compromised FTP server, I have sometimes modified the page to do various things including change the email address where stolen information is sent to to spoof@..., disable the submit button, and on one occasion added a refresh tag to tell the victim's browser to immediately load the genuine page.

      AC because, obvious really.

  5. Stevie


    Now if only someone could hack Donald Trump and download a brain ...

    1. NoneSuch Silver badge

      Re: Bah!

      Err: No mount point found.


    2. Sebastian A
      IT Angle

      Re: Bah!

      Oh please, not here too. I was hoping this place would be the last bastion from US politics.

      1. ukgnome

        Re: Bah!

        but Trump wants Bill Gates to close parts of the cannot avoid the Trump!

  6. x 7

    "these types of actions would be illegal in many countries"

    So Avira didn't do it. Honestly, not us, really, you have to believe us, really

  7. Anonymous Coward

    Using Avira for 6 years

    Avira historically always stays at top position (usually 1-3) for detection rate. It has a 99.9% detection rate in real world tests. Only Kaspersky and Bitdefender have this same score (but both have only a paid version). If you care about top level PC security (as much as you can get for free), not much about eye-candy, then Avira should be your 1st option. People usually think that more expensive products might be better than cheap/free ones. Sometimes there are some exceptions.
