pixel_dreams - Fotolia
A report from IBM security researchers shows that the Dridex Trojan has borrowed some functionality and tricks from the Dyre malware. One of these features is the ability to conduct redirection attacks. What are redirection attacks, and what can security professionals do to defend against the new version of the Dridex Trojan?
Software developers are known to incorporate features or functionality from competing projects, and they are not unique in this aspect, as malware authors often do the same. IBM security researchers recently wrote about the Dridex Trojan including functionality from the Dyre malware to conduct redirection attacks. Redirection attacks are when a victim's computer is sent to a different website than the intended website. This can be done via manipulating caches on DNS servers, DNS caches on the local system or modifying the hosts file on the local system. Redirection attacks' inclusion in malware goes back until at least the late 1990s, when Sophos analyzed the NafBot malware that manipulated the local hosts file to stop antivirus software from getting updates. The Dridex Trojan continues to use spam like its older versions, such as a Microsoft Office document containing a malicious macro. Macro viruses go back to the 1990s as well.
Enterprises can defend against the new version of the Dridex Trojan and redirection attacks using the same techniques from the 1990s. Much of the same security controls can be used to block the current generation of malicious macros, with the addition of using signed macros and security controls. Endpoint antimalware and network-based antimalware tools have advanced significantly since the 1990s and provide much of the same protections. Protecting against phishing is also critical, as malicious emails are a widely-used method to introduce Trojans and other types of malware into enterprise endpoints and networks.
Ask the Expert: Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Read about the best malware removal methods
Find out how the Dyre Wolf malware campaign stole millions of dollars
Learn how to track and defend against crimeware attacks
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading
Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading
Enterprises new to the cloud can write new security policies from scratch, but others with broad cloud usage may need an update. Consider these ... Continue Reading