VOTIRO HAS DETECTED AND SUCCESSFULLY NEUTRALIZED A NEW DRIDEX MALWARE ATTACK

January 28, 2016

The attack was disguised as a routine payment request sent to one of the largest financial institutions protected by Votiro. The email came from a real person with a valid LinkedIn account, at a company that had purchased a domain name and even designed a logo:

For the attention of the accounts department.

The email carries a Word attachment that, when opened, asks the user to enable macros. Once macros are enabled, the malicious macro silently downloads zimbazzi.exe, a component of the Dridex banking malware that disguises itself as a torrent/P2P program. The same malware may also appear as 87tf26w.exe or under other filenames (MD5 33e222cd5a98ba948732ffddb2d41965). The complete infection process was not detected by the fully updated antivirus software installed on the lab machine.

Dridex is a strain of banking malware that leverages macros in Microsoft Office to infect systems. Once a computer has been infected, Dridex attackers can steal banking credentials and other personal information on the system to gain access to the financial records of a user. (Webopedia.com)

While most AV engines did not recognize this attack, Votiro completely neutralized the file, giving the client a safe-to-edit version of the Word document. As the VirusTotal report shows, only 2 AV engines flagged this file, and they only flagged it as suspicious.
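The infection chain described above (macro-enabled Word attachment, then a dropped executable) suggests a simple mail-gateway triage step that does not depend on AV signatures: flag any Word attachment that carries a VBA project, and match the attachment's MD5 against the hash quoted in this post. The script below is an added example, not Votiro's product code; it builds constructed in-memory OOXML samples instead of reading real attachments, and the constructed `build_sample` and `triage_attachment` names are assumptions for the example.

```python
import hashlib
import io
import zipfile

# IoC quoted in the post: MD5 of the dropped Dridex loader (zimbazzi.exe / 87tf26w.exe).
KNOWN_BAD_MD5 = {"33e222cd5a98ba948732ffddb2d41965"}


def has_vba_macro(doc_bytes: bytes) -> bool:
    """True if an OOXML Word file carries a VBA project (word/vbaProject.bin)."""
    try:
        with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
            return any(name.lower() == "word/vbaproject.bin" for name in zf.namelist())
    except zipfile.BadZipFile:
        # Legacy binary .doc or non-OOXML data: needs an OLE parser (e.g. oletools), not handled here.
        return False


def triage_attachment(filename: str, data: bytes) -> dict:
    """Signature-independent triage: hash match against the post's IoC plus macro presence."""
    md5 = hashlib.md5(data).hexdigest()
    findings = []
    if md5 in KNOWN_BAD_MD5:
        findings.append("md5 matches known Dridex loader")
    if filename.lower().endswith((".docm", ".docx", ".dotm")) and has_vba_macro(data):
        findings.append("Word attachment contains VBA macros")
    return {"filename": filename, "md5": md5, "findings": findings,
            "verdict": "quarantine" if findings else "allow"}


def build_sample(with_macro: bool) -> bytes:
    """Constructed minimal OOXML container standing in for a real attachment (assumption)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Real vbaProject.bin is an OLE compound file; a placeholder is enough for name-based detection.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in [("invoice.docm", build_sample(True)), ("memo.docx", build_sample(False))]:
        print(triage_attachment(name, blob))
```

A macro hit here is a quarantine-and-review signal, not proof of Dridex; the hash check only catches this exact sample, which is why the macro check carries the weight.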

For more information, visit the Votiro website or contact us at info@votiro.com
