10 May 2017

Banking malware, Dridex bounces back through PDF

Written by Ankita Ashesh

Dridex is banking malware that spreads on Windows systems through malicious macros, delivered as spam email attachments. Banking malware of this kind is generally a keylogger: it tricks the user into opening the attachment, then records the keystrokes on the user's computer and uses them for the attackers' own benefit. A recently spotted Dridex campaign used PDF files as the carrier; the attachment posed as an invoice or payment receipt.

The subject line is “Copy of your 123-reg invoice (123-458452066 )”

The message body gives details about the order placed and states that the payment receipt is attached. Support details are given at the end of the mail to make it look genuine and convince the user to open the attachment.

How it spreads on the system:

  • The email carries a PDF file with a Doc file embedded in it.

    PDF name – 123-149715480-reg-invoice.pdf

    It spreads via spam emails and tricks the user into opening it, claiming to be a payment receipt or invoice.

    [Figure 1]

  • A Docm file is embedded inside the PDF.

    [Figure 2]

  • After the PDF file is opened, Adobe Reader shows a warning stating that the Docm file being opened can contain malicious macros or a virus.

    [Figure 3]

    As the warning shows, the Docm file 99848 is responsible for the infection.

  • The Docm file is dropped at the %temp% location, for example as “99848.docm”. We observed that the dropped Docm file always has a numeric name. The file is dropped when the user clicks the “open the file” option shown in the warning that appears on opening the PDF.

    [Figure 4]

  • The dropped document opens in read-only mode, and a yellow bar appears asking the user to enable editing, which gives the macro the access it needs to execute.

    [Figure 5]
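The carrier described above is a PDF whose only job is to hold a file attachment. The following is an added example, not code from Seqrite or Quick Heal, of a defender-side triage check: it builds a constructed, inert stand-in for such a PDF (a Filespec plus an EmbeddedFile stream carrying a zip that has a `word/vbaProject.bin` entry, which is how OOXML stores VBA), then scans the raw PDF bytes for attachments with a macro-enabled extension, a VBA project inside, or the all-numeric name noted in the post. The `MACRO_EXTENSIONS` list and the regex-based object walk are assumptions of this example; the parser is deliberately minimal and does not handle compressed object streams or encrypted PDFs.

```python
import io
import re
import zipfile

# Office extensions that can carry VBA macros. Assumption: a general list;
# the post itself only mentions .docm.
MACRO_EXTENSIONS = {"docm", "dotm", "xlsm", "xltm", "xlam", "pptm", "potm", "ppam"}

OBJ_RE = re.compile(rb"(\d+)\s+0\s+obj\s*(.*?)\s*endobj", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
# Direct integer /Length only; "/Length 7 0 R" (indirect) is skipped.
LENGTH_RE = re.compile(rb"/Length\s+(\d+)\b(?!\s+0\s+R)")
FILESPEC_NAME_RE = re.compile(rb"/(?:UF|F)\s*\((.*?)\)")
EF_REF_RE = re.compile(rb"/EF\s*<<\s*/F\s+(\d+)\s+0\s+R")


def build_macro_docm() -> bytes:
    """Constructed stand-in for a macro-enabled Word file: an OOXML zip whose
    word/vbaProject.bin entry is 16 zero bytes, so it contains no real VBA."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


def build_sample_pdf(attachment_name: str, payload: bytes) -> bytes:
    """Constructed minimal PDF with one file attachment (Filespec -> EmbeddedFile),
    mirroring the carrier layout described in the post. No xref table, which
    a lenient reader tolerates and our scanner never needs."""
    name = attachment_name.encode("latin-1")
    objects = [
        b"<< /Type /Catalog /Pages 2 0 R /Names << /EmbeddedFiles << /Names [("
        + name + b") 4 0 R] >> >> >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>",
        b"<< /Type /Filespec /F (" + name + b") /UF (" + name + b") /EF << /F 5 0 R >> >>",
        b"<< /Type /EmbeddedFile /Length " + str(len(payload)).encode()
        + b" >>\nstream\n" + payload + b"\nendstream",
    ]
    out = b"%PDF-1.7\n"
    for num, obj in enumerate(objects, start=1):
        out += b"%d 0 obj\n" % num + obj + b"\nendobj\n"
    return out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


def _extract_stream(body: bytes) -> bytes:
    """Return the raw stream bytes of an object body, trusting a direct /Length
    when present and otherwise scanning for the endstream keyword."""
    m = re.search(rb"stream\r?\n", body)
    if m is None:
        return b""
    start = m.end()
    lm = LENGTH_RE.search(body[:m.start()])
    if lm is not None:
        return body[start:start + int(lm.group(1))]
    sm = STREAM_RE.search(body)
    return sm.group(1) if sm else b""


def _zip_has_vba_project(data: bytes) -> bool:
    """True if the bytes are a zip (OOXML container) holding a vbaProject.bin."""
    if not data.startswith(b"PK\x03\x04"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def scan_pdf_for_macro_attachments(pdf: bytes) -> list:
    """Walk every object; map Filespec names to their EmbeddedFile stream and
    score each attachment on extension, embedded VBA, and all-numeric name."""
    names_by_stream, embedded = {}, {}
    for m in OBJ_RE.finditer(pdf):
        num, body = int(m.group(1)), m.group(2)
        if re.search(rb"/Type\s*/Filespec\b", body):
            ef, nm = EF_REF_RE.search(body), FILESPEC_NAME_RE.search(body)
            if ef and nm:
                names_by_stream[int(ef.group(1))] = nm.group(1).decode("latin-1")
        elif re.search(rb"/Type\s*/EmbeddedFile\b", body):
            embedded[num] = _extract_stream(body)
    findings = []
    for num, data in embedded.items():
        name = names_by_stream.get(num, "")
        stem, dot, ext = name.rpartition(".")
        if not dot:
            stem, ext = name, ""
        f = {
            "object": num,
            "name": name,
            "size": len(data),
            "macro_extension": ext.lower() in MACRO_EXTENSIONS,
            "contains_vba": _zip_has_vba_project(data),
            "numeric_name": stem.isdigit(),
        }
        f["suspicious"] = f["macro_extension"] or f["contains_vba"]
        findings.append(f)
    return findings


if __name__ == "__main__":
    sample = build_sample_pdf("99848.docm", build_macro_docm())
    for finding in scan_pdf_for_macro_attachments(sample):
        print(finding)
```

The extension check and the VBA-project check are kept separate on purpose: an attacker can rename a `.docm` to `.doc` or `.pdf` inside the Filespec, so the content-based `contains_vba` signal is the one a mail gateway should weight most, while `numeric_name` is only the campaign-specific hint the post reports.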

Dridex has changed its propagation method, but the action remains the same: it still spreads through a Docm file, and the PDF merely acts as a carrier. Stronger techniques for identifying spam mails and stronger firewall policies are a must.
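Because the PDF is only a carrier, the host-side behaviour is what changes least: a PDF reader writes an all-numeric `.docm` into the user's temp directory. The following is an added example, not from Seqrite or Quick Heal, of a detection that runs over constructed file-creation telemetry and flags exactly that combination. The reader process names (`AcroRd32.exe`, `Acrobat.exe`), the temp-directory pattern and the event shape are assumptions of this example; in a real deployment they would come from your EDR's file-create events.

```python
import re

# Constructed file-creation events (process name + created path); not real logs.
SAMPLE_EVENTS = [
    {"process": "AcroRd32.exe", "path": r"C:\Users\alice\AppData\Local\Temp\99848.docm"},
    {"process": "WINWORD.EXE", "path": r"C:\Users\alice\Documents\report.docm"},
    {"process": "AcroRd32.exe", "path": r"C:\Users\alice\AppData\Local\Temp\AcroRd32_sbx\print.log"},
    {"process": "Acrobat.exe", "path": r"C:\Users\bob\AppData\Local\Temp\4412.docm"},
    {"process": "chrome.exe", "path": r"C:\Users\bob\Downloads\123.docm"},
    {"process": "AcroRd32.exe", "path": r"C:\Users\bob\AppData\Local\Temp\notes.docm"},
]

# Assumption: the PDF reader processes we expect to see writing the dropped file.
PDF_READERS = {"acrord32.exe", "acrobat.exe"}
# %TEMP% on a default Windows profile; assumption for this example.
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\[^\\]+$", re.I)
# All-digit file stem with a .docm extension, as observed in the post.
NUMERIC_DOCM_RE = re.compile(r"\\(\d+)\.docm$", re.I)


def is_reader_docm_drop(event: dict) -> bool:
    """True when a PDF reader creates a numeric-named .docm directly in %TEMP%."""
    if event["process"].lower() not in PDF_READERS:
        return False
    if not TEMP_DIR_RE.search(event["path"]):
        return False
    return NUMERIC_DOCM_RE.search(event["path"]) is not None


def flag_reader_drops(events: list) -> list:
    """Return the paths of every event matching the drop pattern, in order."""
    return [ev["path"] for ev in events if is_reader_docm_drop(ev)]


if __name__ == "__main__":
    for path in flag_reader_drops(SAMPLE_EVENTS):
        print("suspicious drop:", path)
```

Each of the three conditions is weak on its own (Word writes `.docm` files all day; readers write logs to temp), so the rule requires all of them; the `notes.docm` event shows the numeric-name condition doing real work, and the `chrome.exe` event shows why the parent process matters more than the file name.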

Quick Heal Detection

  • The Quick Heal Email Protection feature successfully blocks such malicious attachments (the script file, in this case) even before they are executed.
  • Quick Heal has detection for the PDF and the embedded Doc file.

Precautionary Measures

  • Email attachments with a double extension such as pdf.bin or doc.js should never be opened if they come from unknown or untrusted sources.
  • Only visit websites you know, and do not click on any link or ad that shows tempting deals.
  • Regularly update your antivirus so that your data and system are safe from ongoing malware trends.
  • Keep your software and operating system updated to ensure a secure digital environment.

ACKNOWLEDGMENT

Subject Matter Expert
  • Nayan Vairagi – Threat Research and Response Team
