The dangerous virus code-named “Dridex Malware” has the power to intercept private data, such as data entry to bank accounts, online payment services, data entry, email, social media, etc.
From the research officers of the Directorate of Prosecution of Electronic Crime it has been established that during the last period of time are sent and transmitted via internet e-mail messages that include malicious attached file (usually of the form .doc, .xls, .pdf), which contains macro (macro).
The attached file is claimed to be an invoice or other accounting document, which initially appears to be legitimate, in order to “trick” the recipient and lead him to the opening.
By default, in a document “Word”, the macros are disabled. However, opening the attached document, the user is asked if he wants to trigger them and in the positive case, the built-in malicious macro is run, the computer becomes infected and is installed in this the virus is “Dridex”.
What does the “Dridex”it?
In accordance with the notice of the Directorate of Prosecution of Electronic Crime:
Uploads/downloads/executes files
Monitor the network traffic
Takes snapshots of the screen (screenshots)
Removes from the user the administrator rights of the computer (botnet)
Communicates with servers to receive configuration files (configuration files)
Generally affects processes, such as Internet Explorer, Chrome, Firefox in order to monitor their communications.
The Address of Electronic Crime it is recommended that users of the internet:
a. Don’t open e-mail messages, of which the origin or the content is not certain, especially if the attachments require that you enable macros. These files will be deleted directly.
b. If possible, is disabled the option to enable macros at the level of central management and configuration of operating system (Group Policy) in an organization.
c. To use anti-virus protection with real-time protection (real – time).
d. To use appropriate filters to protect against spam , so this type of messages, which is based on the spread of the virus “Dridex”, do not appear in inbox messages or, if they appear, to prevent completely the malicious content. e. In case of suspicion of contamination, change, directly, with the use of another machine, non-infected, all passwords, especially to bank accounts, online payment services, Social Media, etc.
SHOCK in China: One in three men is threatened by smoking
Read more “