Dyre/Dyreza banking Trojan is on the rise!
To avoid such threats: do NOT reach your bank by searching for it (type its official address yourself, or bookmark it in your browser); ignore and report any mails about a "Gift" or "Offer", misleading pop-ups and notices, and the like; DO scan any attachment or file before you open it; keep your security software and operating system updated; and scan your computer regularly, booting into Safe Mode if you suspect an infection. Read on and learn more.
The Dyre/Dyreza banking Trojan has lately become very popular with cyber criminals - so much so that the US-CERT has issued an alert warning about the danger.
"Since mid-October 2014, a phishing campaign has targeted a wide variety of recipients while employing the Dyre/Dyreza banking malware. Elements of this phishing campaign vary from target to target including fake alerts around your disk/registry errors, senders, attachments, exploits, themes, and payload(s)," they shared.
"Phishing emails used in this campaign often contain a weaponized PDF attachment which attempts to exploit vulnerabilities found in unpatched versions of Adobe Reader."
Dyre/Dyreza is after sensitive user account credentials for online services, including bank services, which it logs and sends to remote servers run by the criminals.
In another campaign spotted by Danish security firm CSIS, the malicious emails are very similar (fake unpaid invoices, bank details), but the attachment is a specially crafted PPT file made to exploit the Sandworm vulnerability (CVE-2014-4114) in order to install the malware.
While initial versions of the malware were targeting users of several US and UK banks, this latest one is also aimed at Swiss bank customers (as evidenced by the content of its configuration file).
Adobe patched the vulnerabilities exploited in the aforementioned attack years ago, and Microsoft issued a patch for the Sandworm bug earlier this month.
Users who regularly patch their OS and software were, in this case, safe. They usually are, because cyber crooks who are after banking information and online credentials almost exclusively use exploits for already patched vulnerabilities.
Not opening Microsoft PowerPoint files, other Office files, or any other files received or downloaded from untrusted sources is also a good way to steer clear of malware.
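The "scan before you open" advice above, applied to the two lure types this article describes (a weaponized PDF and a crafted PowerPoint deck), as an added example that is not code from the article, US-CERT or CSIS. It is a mail-gateway style triage script in plain Python (standard library only): it parses an .eml, pulls out every attachment, flags PDFs that carry script or auto-open keys, and flags OOXML decks that carry embedded OLE objects, VBA macros or relationships pointing outside the package. The message, the PDF and the .ppsx are constructed inline for the demo and are not real samples; the keyword lists are heuristics chosen here, not a substitute for a patched reader or a real scanner.

```python
import email
import re
import zipfile
from email import policy
from email.message import EmailMessage
from io import BytesIO

# Heuristic PDF keys: /OpenAction and /AA fire on open, /JavaScript and /JS carry script,
# /Launch runs an external program, /EmbeddedFile hides a second payload. (Our own list.)
PDF_RISKY = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile")
OFFICE_EXTS = (".ppt", ".pps", ".pptx", ".ppsx", ".doc", ".docx", ".xls", ".xlsx")
OLE2_MAGIC = b"\xd0\xcf\x11\xe0"  # legacy binary Office container (.ppt/.doc/.xls)


def inspect_pdf(data: bytes) -> list:
    """Return the risky PDF keywords present. Raw byte scan: it does not inflate
    object streams, so a packed PDF can hide these keys; treat a miss as 'unknown'."""
    hits = [k.decode() for k in PDF_RISKY if k in data]
    if not data.startswith(b"%PDF"):
        hits.append("no-%PDF-header")
    return hits


def inspect_ooxml(data: bytes) -> list:
    """Flag an OOXML package (zip) that embeds OLE objects, carries macros, or has
    relationship targets outside the package. Legacy OLE2 files need a different parser."""
    if data.startswith(OLE2_MAGIC):
        return ["legacy OLE2 container: not inspected here"]
    try:
        zf = zipfile.ZipFile(BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a zip: corrupt or disguised file"]
    findings = []
    for name in zf.namelist():
        low = name.lower()
        if "/embeddings/" in low:
            findings.append(f"embedded object: {name}")
        if low.endswith("vbaproject.bin"):
            findings.append(f"VBA macros: {name}")
        if low.endswith(".rels"):
            rels = zf.read(name).decode("utf-8", "replace")
            # Each <Relationship .../> tag; an External target is loaded from outside the file.
            for tag in re.findall(r"<Relationship\b[^>]*>", rels):
                if 'TargetMode="External"' in tag:
                    m = re.search(r'Target="([^"]*)"', tag)
                    findings.append(f"external target in {name}: {m.group(1) if m else '?'}")
    return findings


def triage_eml(raw: bytes) -> dict:
    """Map each attachment filename to its findings; an empty list means nothing flagged."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        low = name.lower()
        if low.endswith(".pdf") or data.startswith(b"%PDF"):
            report[name] = inspect_pdf(data)
        elif low.endswith(OFFICE_EXTS):
            report[name] = inspect_ooxml(data)
        else:
            report[name] = []
    return report


# --- constructed sample input (not real malware) ------------------------------------
SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
              b"2 0 obj << /S /JavaScript /JS (app.alert('x')) >> endobj\n%%EOF\n")


def build_sample_ppsx() -> bytes:
    """Minimal OOXML slideshow with one embedded object and one external relationship."""
    buf = BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("ppt/slides/slide1.xml", "<p:sld/>")
        zf.writestr("ppt/slides/_rels/slide1.xml.rels",
                    '<Relationships><Relationship Id="rId1" Type="oleObject" '
                    'Target="file:///example.invalid/share/object.bin" TargetMode="External"/>'
                    '</Relationships>')
        zf.writestr("ppt/embeddings/oleObject1.bin", b"\x00" * 16)
    return buf.getvalue()


def build_sample_eml() -> bytes:
    """Constructed 'unpaid invoice' lure with a scripted PDF, a crafted deck and a benign note."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Unpaid invoice"
    msg.set_content("Please see the attached invoice and bank details.")
    msg.add_attachment(SAMPLE_PDF, maintype="application", subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(build_sample_ppsx(), maintype="application",
                       subtype="vnd.openxmlformats-officedocument.presentationml.slideshow",
                       filename="details.ppsx")
    msg.add_attachment("Thanks, Accounts", subtype="plain", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for fname, findings in triage_eml(build_sample_eml()).items():
        print(fname, "->", findings or "clean")
```

A hit here means "quarantine and look closer", not "malicious"; plenty of legitimate PDFs carry forms script, and a deck with an embedded chart has an embeddings entry too. The useful signal is the combination with the lure (unsolicited invoice, unexpected sender) and, for decks, an external target, which a normal slideshow has no reason to carry. Legacy binary Office files are only recognised, not parsed; hand those to a dedicated OLE2 parser.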