Light Dark
October 19, 2015 By Shane Schick 2 min read

One man may be under arrest and the worst of the attacks curtailed by law enforcement authorities, but researchers say it’s still too early to suggest Dridex, a botnet spawned by the Cridex Trojan, has been completely neutralized.

Several security vendors involved in the recent operation to take down Dridex told SecurityWeek that spam featuring the Trojan was discovered less than two days after it was initially shut down. Though smaller than the original Dridex, which has reportedly led to more than $40 million in losses so far, this sub-botnet is aimed at users in the U.K. These recent discoveries suggested the work to eradicate it completely is far from over.

For those still getting caught up, The Guardian has published an in-depth FAQ about Dridex, including its origins from the Cridex Trojan and the way it spreads via email and triggers malicious macros in Microsoft Word documents. By stealing login credentials and other personal information, experts claimed Dridex has been allowing cybercriminals from a collective known as Evil Corp. to target a wide range of organizations.

Last week, however, The Register and other publications said the so-called command-and-control malware factory suffered a significant setback when the FBI arrested a Moldovan man named Andrey Ghinkul and seized multiple servers believed to have been involved in using the Trojan. More than likely, Ghinkul is but one member of Evil Corp., and his extradition and prosecution in the U.S. will only be the first step in an ongoing attempt to fend off further attacks.

In fact, a public statement posted by the U.S. Department of Justice (DOJ) said the FBI is working with at least 12 different agencies and vendors as part of its investigation into Dridex. This reflects just how global threats such as banking Trojans have become, and it underscores the increasing challenge of making sure the tools enabling such cybercriminal activity aren’t simply picked up by someone else after initial arrests are made.

In the meantime, the DOJ statement said those who think they might be infected can remove the botnet by visiting a link on the U.S. Computer Emergency Readiness Team (US-CERT) site.

 |  |  |  |  |  | 
Shane Schick
Writer & Editor

More from

May 16, 2024

Grandoreiro banking trojan unleashed: X-Force observing emerging global campaigns

16 min read - Since March 2024, IBM X-Force has been tracking several large-scale phishing campaigns distributing the Grandoreiro banking trojan, which is likely operated as a Malware-as-a-Service (MaaS). Analysis of the malware revealed major updates within the string decryption and domain generating algorithm (DGA), as well as the ability to use Microsoft Outlook clients on infected hosts to spread further phishing emails. The latest malware variant also specifically targets over 1500 global banks, enabling attackers to perform banking fraud in over 60 countries…

May 15, 2024

New cybersecurity sheets from CISA and NSA: An overview

4 min read - The Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) have recently released new CSI (Cybersecurity Information) sheets aimed at providing information and guidelines to organizations on how to effectively secure their cloud environments.This new release includes a total of five CSI sheets, covering various aspects of cloud security such as threat mitigation, identity and access management, network security and more. Here's our overview of the new CSI sheets, what they address and the key takeaways from each.Implementing…

May 14, 2024

Threat intelligence to protect vulnerable communities

2 min read - Key members of civil society—including journalists, political activists and human rights advocates—have long been in the cyber crosshairs of well-resourced nation-state threat actors but have scarce resources to protect themselves from cyber threats. On May 14, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) released a High-Risk Communities Protection (HRCP) report developed through the Joint Cyber Defense Collaborative that addresses the threat to these vulnerable groups, with findings contributed by the X-Force Threat Intelligence team.Cyber criminals seek stolen credentialsThe HRCP…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature