Number: IRCNE2014062220
Date: 2014-06-16
According to “techworld”, security researchers said they've spotted a new type of banking malware that rivals the capabilities of the infamous Zeus malware.
The malware, which is being called "Dyreza" or "Dyre," uses a man-in-the-middle attack that lets the hackers intercept unencrypted web traffic while users mistakenly think they have a secure connection with their online banking site.
Although Dyreza has similarities with Zeus, "we believe this is a new banker trojan family and not yet another offspring from the Zeus source code," according to a writeup by CSIS, a Danish security company.
During an attack by Dyreza, a user thinks their authentication credentials are going to a legitimate bank, but the malware actually redirects the traffic to their own servers, wroteRonnie Tokazowski, a senior researcher at PhishMe, another security company that has studied the attack. Users mistakenly think they have connected over SSL to their bank's server.
The malware is being distributed through spam messages. To help evade URL scanners that might block messages with known suspicious domains, the attackers have been hosting the malware on legitimate domains.
It appears the attackers have also set up other infrastructure to facilitate the transfer of money from victims' accounts.
- 3