A report from IBM security researchers shows that the Dridex Trojan has borrowed some functionality and tricks...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
from the Dyre malware. One of these features is the ability to conduct redirection attacks. What are redirection attacks, and what can security professionals do to defend against the new version of the Dridex Trojan?
Software developers are known to incorporate features or functionality from competing projects, and they are not unique in this aspect, as malware authors often do the same. IBM security researchers recently wrote about the Dridex Trojan including functionality from the Dyre malware to conduct redirection attacks. Redirection attacks are when a victim's computer is sent to a different website than the intended website. This can be done via manipulating caches on DNS servers, DNS caches on the local system or modifying the hosts file on the local system. Redirection attacks' inclusion in malware goes back until at least the late 1990s, when Sophos analyzed the NafBot malware that manipulated the local hosts file to stop antivirus software from getting updates. The Dridex Trojan continues to use spam like its older versions, such as a Microsoft Office document containing a malicious macro. Macro viruses go back to the 1990s as well.
Enterprises can defend against the new version of the Dridex Trojan and redirection attacks using the same techniques from the 1990s. Much of the same security controls can be used to block the current generation of malicious macros, with the addition of using signed macros and security controls. Endpoint antimalware and network-based antimalware tools have advanced significantly since the 1990s and provide much of the same protections. Protecting against phishing is also critical, as malicious emails are a widely-used method to introduce Trojans and other types of malware into enterprise endpoints and networks.
Ask the Expert: Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Read about the best malware removal methods
Find out how the Dyre Wolf malware campaign stole millions of dollars
Learn how to track and defend against crimeware attacks
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
The OurMine hacking group recently used DNS poisoning to attack WikiLeaks and take over its web address. Learn how this attack was performed from ...continue reading
Typosquatting was used by threat actors to spread malware in the NPM registry. Learn from expert Nick Lewis how this method was used and what it ...continue reading
Threat actors are using phishing email campaigns to fool users with tech support scams and fake Blue Screens of Death. Learn how these campaigns work...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.