
How does the Dridex Trojan conduct redirection attacks?

The new version of the Dridex Trojan shares the Dyre malware's redirection attack capabilities. Expert Nick Lewis explains how enterprises can prevent these incidents.

A report from IBM security researchers shows that the Dridex Trojan has borrowed some functionality and tricks from the Dyre malware. One of these features is the ability to conduct redirection attacks. What are redirection attacks, and what can security professionals do to defend against the new version of the Dridex Trojan?

Software developers are known to incorporate features or functionality from competing projects, and they are not unique in this: malware authors often do the same. IBM security researchers recently wrote about the Dridex Trojan adopting functionality from the Dyre malware to conduct redirection attacks. A redirection attack sends a victim's computer to a website other than the one the user intended to visit, so that a user who types a bank's address lands on an attacker-controlled page instead. This can be done by poisoning the caches of DNS servers, by tampering with the DNS cache on the local system, or by modifying the local hosts file so that a name resolves to an address the attacker chooses. Redirection has been a malware feature since at least the late 1990s, when Sophos analyzed the NafBot malware, which manipulated the local hosts file to stop antivirus software from getting updates. Dridex is still delivered the way its older versions were, through spam email carrying a Microsoft Office document with a malicious macro; macro viruses also date back to the 1990s.
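A hosts-file audit for the local-redirection technique described above, as an added example that is not part of the original article or of IBM's report. It assumes the enterprise maintains a watch list of domains that should never be overridden locally (its banks' domains, its antimalware vendor's update hosts) and an allowlist of legitimate internal overrides; the sample hosts file, the watch list, the allowlist and all domain names and addresses below are constructed for the example (TEST-NET addresses and .test domains, not real infrastructure).

```python
"""Hosts-file audit for redirection-style tampering (added example, not from the article).

Flags two patterns the article describes:
  * a watched domain mapped to a routable address: redirection to an attacker host
  * a watched domain mapped to loopback/unspecified: sinkholing, e.g. starving AV of updates
Any other name mapped to a routable address is reported for review unless allowlisted.
"""
import ipaddress
import os
from typing import Dict, Iterable, List, Tuple

Entry = Tuple[int, str, str]  # (line number, ip, hostname)


def hosts_path() -> str:
    """Default hosts-file location for the current OS."""
    if os.name == "nt":
        return os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                            "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


def parse_hosts(text: str) -> List[Entry]:
    """Parse hosts-file text into (line_no, ip, hostname) entries.

    Handles comments, blank lines, several names per line and trailing dots.
    Lines whose first field is not an IP address are skipped (not a mapping).
    """
    entries: List[Entry] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((line_no, fields[0], name.lower().rstrip(".")))
    return entries


def _matches(name: str, domains: Iterable[str]) -> bool:
    """True if name equals one of domains or is a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in domains)


def find_redirections(text: str, watch_domains: Iterable[str],
                      allow_names: Iterable[str] = ()) -> List[Dict[str, object]]:
    """Return findings for entries that look like redirection or sinkholing."""
    watch = [d.lower().strip(".") for d in watch_domains]
    allow = {n.lower().strip(".") for n in allow_names}
    findings: List[Dict[str, object]] = []
    for line_no, ip, name in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        local = addr.is_loopback or addr.is_unspecified
        if name in allow:
            continue  # known-good internal override
        if _matches(name, watch):
            kind = "sinkhole" if local else "redirect"
        elif not local and name != "localhost":
            kind = "review"  # unexpected override of a name to a routable address
        else:
            continue  # loopback/localhost entries are normal
        findings.append({"line": line_no, "ip": ip, "name": name, "kind": kind})
    return findings


# Constructed sample (assumption): TEST-NET address and .test domains, not real hosts.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
10.0.0.5        intranet.corp.example     # legitimate internal override
203.0.113.7     www.examplebank.test online.examplebank.test
127.0.0.1       updates.example-av.test   # NafBot-style: block AV updates
"""
WATCH = ["examplebank.test", "example-av.test"]   # assumed watch list
ALLOW = ["intranet.corp.example"]                 # assumed allowlist


def audit_sample() -> List[Dict[str, object]]:
    """Run the audit over the constructed sample; returns three findings."""
    return find_redirections(SAMPLE_HOSTS, WATCH, ALLOW)


if __name__ == "__main__":
    try:
        with open(hosts_path(), encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_HOSTS  # no readable hosts file: fall back to the sample
    for f in find_redirections(text, WATCH, ALLOW):
        print(f"line {f['line']}: {f['name']} -> {f['ip']} [{f['kind']}]")
```

Run as a script it audits the live hosts file (falling back to the constructed sample); as a module, `audit_sample()` returns the findings for the sample. Only the hosts-file mechanism is covered here: poisoning of a DNS server's cache or of the local DNS client cache leaves the hosts file untouched, so a complete check also resolves the watched names through a known-good resolver and compares the answers with what the endpoint sees.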

Enterprises can defend against the new version of Dridex and its redirection attacks with much the same techniques used in the 1990s. The controls that blocked macro viruses then still block the current generation of malicious macros, with the addition of allowing only digitally signed macros to run and disabling unsigned macros by policy. Endpoint and network-based antimalware tools have advanced significantly since the 1990s but provide much the same protections. Protecting against phishing is also critical, as malicious email remains a widely used method of introducing Trojans and other malware onto enterprise endpoints and networks. Monitoring the local hosts file and DNS client settings for unexpected changes also helps catch the redirection itself, since two of the three techniques described above alter something on the endpoint.


This was last published in June 2016
