Dridex redux, with FTP serving the nasties

Keep your eyes open for yet-another Dridex-based malware attack. Forcepoint researchers spotted the campaign last week, noting that instead of hitting up HTTP links the attackers are targeting compromised FTP sites (and exposing those sites' credentials). The FTP sites in question were used to host the malware sent to victims …

  1. Pascal Monett Silver badge

    "compromised via DDE (a popular vector late last year); or in an Excel file"

    Any mail I receive from someone I don't know that has an attachment goes directly to the round file.

    I find that that simplifies things enormously and saves me a lot of time as well.

    If that person has legitimate reason to contact me, they'll write again and a conversation will start from there.

    1. Tom Samplonius

      Re: "compromised via DDE (a popular vector late last year); or in an Excel file"

      "Any mail I receive from someone I don't know that has an attachment goes directly to the round file.

      I find that that simplifies things enormously and saves me a lot of time as well."

      And when your system is compromised, it will send itself out to your contacts from your email address. Possibly even re-sending email from your Sent folder with the malware attached. Malware writers figured this simplifies things enormously.

  2. Anonymous Coward
    Linux

    FTP socialist botnet malware steals money

    com, DDE, domains, Dridex, Excel, fr, FTP, HTTP, infected macro, links, malware, phishing, XLS ®
