A report from IBM security researchers shows that the Dridex Trojan has borrowed some functionality and tricks...
from the Dyre malware. One of these features is the ability to conduct redirection attacks. What are redirection attacks, and what can security professionals do to defend against the new version of the Dridex Trojan?
Software developers are known to incorporate features or functionality from competing projects, and they are not unique in this aspect, as malware authors often do the same. IBM security researchers recently wrote about the Dridex Trojan including functionality from the Dyre malware to conduct redirection attacks. Redirection attacks are when a victim's computer is sent to a different website than the intended website. This can be done via manipulating caches on DNS servers, DNS caches on the local system or modifying the hosts file on the local system. Redirection attacks' inclusion in malware goes back until at least the late 1990s, when Sophos analyzed the NafBot malware that manipulated the local hosts file to stop antivirus software from getting updates. The Dridex Trojan continues to use spam like its older versions, such as a Microsoft Office document containing a malicious macro. Macro viruses go back to the 1990s as well.
Enterprises can defend against the new version of the Dridex Trojan and redirection attacks using the same techniques from the 1990s. Much of the same security controls can be used to block the current generation of malicious macros, with the addition of using signed macros and security controls. Endpoint antimalware and network-based antimalware tools have advanced significantly since the 1990s and provide much of the same protections. Protecting against phishing is also critical, as malicious emails are a widely-used method to introduce Trojans and other types of malware into enterprise endpoints and networks.
Ask the Expert: Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Read about the best malware removal methods
Find out how the Dyre Wolf malware campaign stole millions of dollars
Learn how to track and defend against crimeware attacks
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
A new remote access Trojan called UBoatRAT was found spreading via Google services and GitHub. Learn how spotting command-and-control systems can ... Continue Reading
CyberArk researchers created an attack called Golden SAML that uses Mimikatz techniques and applied it to a federated environment. Learn more about ... Continue Reading
The use of botnets to spread Scarab ransomware intensifies the threat for enterprises. Discover the best way to respond to such a threat and protect ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.