pixel_dreams - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

How does the Dridex Trojan conduct redirection attacks?

The new version of the Dridex Trojan share Dyre malware's redirection attack capabilities. Expert Nick Lewis explains how enterprises can prevent these incidents.

A report from IBM security researchers shows that the Dridex Trojan has borrowed some functionality and tricks from the Dyre malware. One of these features is the ability to conduct redirection attacks. What are redirection attacks, and what can security professionals do to defend against the new version of the Dridex Trojan?

Software developers are known to incorporate features or functionality from competing projects, and they are not unique in this aspect, as malware authors often do the same. IBM security researchers recently wrote about the Dridex Trojan including functionality from the Dyre malware to conduct redirection attacks. Redirection attacks are when a victim's computer is sent to a different website than the intended website. This can be done via manipulating caches on DNS servers, DNS caches on the local system or modifying the hosts file on the local system. Redirection attacks' inclusion in malware goes back until at least the late 1990s, when Sophos analyzed the NafBot malware that manipulated the local hosts file to stop antivirus software from getting updates. The Dridex Trojan continues to use spam like its older versions, such as a Microsoft Office document containing a malicious macro. Macro viruses go back to the 1990s as well.

Enterprises can defend against the new version of the Dridex Trojan and redirection attacks using the same techniques from the 1990s. Much of the same security controls can be used to block the current generation of malicious macros, with the addition of using signed macros and security controls. Endpoint antimalware and network-based antimalware tools have advanced significantly since the 1990s and provide much of the same protections. Protecting against phishing is also critical, as malicious emails are a widely-used method to introduce Trojans and other types of malware into enterprise endpoints and networks.

Ask the Expert: Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)

Next Steps

Read about the best malware removal methods

Find out how the Dyre Wolf malware campaign stole millions of dollars

Learn how to track and defend against crimeware attacks

This was last published in June 2016

Dig Deeper on Malware, virus, Trojan and spyware protection and removal