Recently, CERT-In and US-CERT issued an alert highlighting that a new banking malware known as 'Dyre/Dyreza' was being used to target customers of well-known financial institutions. The Indian Computer Emergency Response Team (CERT-In) and the United States Computer Emergency Readiness Team (US-CERT) are nodal government agencies that deal with cyber security threats in India and the United States respectively. These agencies issue alerts and advisories to update users about the latest trends in information security and about newly discovered vulnerabilities.
The alert states that since mid-October 2014, a phishing campaign employing the Dyre/Dyreza banking trojan has been targeting a wide variety of consumers. The campaign uses various tactics to entice recipients into opening attachments and downloading malware. Customers of most of the popular banks are targeted with such e-mail attacks.
How does the Dyre/Dyreza malware reach your system?
The malware propagates through social engineering (phishing) or spam e-mails. These e-mails pretend to be genuine messages from a financial institution and contain either a ZIP file or a PDF document as an attachment. The ZIP file contains the Dyreza malware, which installs itself on the target system when executed.
The e-mails commonly observed spreading the malware had the following patterns and characteristics:
- Subject line: "Unpaid invoic" (Spelling errors in the subject line are a characteristic of this campaign)
- Attachment name resembling Invoice621785.pdf
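For mail administrators, the two characteristics above can be turned into a simple screening check. The following Python sketch is an added example, not part of the CERT-In/US-CERT alert; the regular expressions, the function names and the sample messages are assumptions constructed from the traits listed here, and flagging every ZIP attachment is a deliberately broad heuristic.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Assumed patterns derived from the two traits listed above; not official signatures.
SUBJECT_RE = re.compile(r"\bunpaid\s+invoic\b", re.I)     # misspelled "invoic"
ATTACH_RE = re.compile(r"^invoice\d+\.(pdf|zip)$", re.I)  # e.g. Invoice621785.pdf

def score_message(msg):
    """Return the list of campaign traits found in a parsed e-mail message."""
    hits = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        hits.append("subject")
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # container parts and inline bodies carry no filename
        if ATTACH_RE.match(name):
            hits.append("attachment-name:" + name)
        # Broad heuristic: the campaign delivers the malware inside a ZIP file.
        if name.lower().endswith(".zip") or part.get_content_type() == "application/zip":
            hits.append("zip-attachment:" + name)
    return hits

def build_sample(subject, filename, payload, subtype):
    """Build a constructed sample message (test data, not a captured e-mail)."""
    m = EmailMessage()
    m["From"] = "billing@bank.example"
    m["To"] = "user@example.org"
    m["Subject"] = subject
    m.set_content("Please see the attached document.")
    m.add_attachment(payload, maintype="application", subtype=subtype, filename=filename)
    # Round-trip through text so the check runs on a parsed raw message.
    return message_from_string(m.as_string())

SUSPECT = build_sample("Unpaid invoic", "Invoice621785.pdf", b"%PDF-1.4 sample", "pdf")
BENIGN = build_sample("Unpaid invoice for March", "statement.pdf", b"%PDF-1.4 sample", "pdf")

if __name__ == "__main__":
    for label, msg in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, score_message(msg))
```

A message that scores any hit is a candidate for quarantine or manual review rather than proof of infection; a correctly spelled "Unpaid invoice" subject does not trigger the subject rule.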
What are the impacts of this malware?
Dyreza attaches itself to your Internet browser, intercepting any information visible in the browser, including your user IDs and passwords. The malware:
- Attempts to take your passwords or account/ card details of online services, including banking services
- Bypasses your secure browser protection settings
- Captures your keystrokes (while entering passwords)
- Intercepts your browsing activities and communicates the same to the miscreants
What are the symptoms of being infected with Dyreza?
You will observe the following symptoms if your computer is infected with Dyreza or similar malware:
- Slows down, crashes or displays repeated error messages
- Will not shut down or restart
- Unintended downloads/ unexpected flow of pop-ups
- Displays web pages you did not intend to visit or sends e-mails you did not write (you may check your sent items for this). Once you realise you are infected with malware, change your banking or e-mail passwords immediately using an uninfected system
- New and unexpected icons in your shortcuts or on your desktop
- Your laptop battery drains more quickly than it should
How should one be safe from such malware?
To stay safe from such fraudulent attacks, you need to be aware of them. It is recommended to take the following preventive measures to protect your computers and networks from phishing campaigns:
- Do not follow unsolicited web links in e-mail
- Use caution when opening e-mail attachments
- Follow safe practices when browsing the web
- Install a reputable, paid anti-virus product
- Keep your anti-virus up-to-date
- Keep your operating system and software up-to-date with the latest updates
