Do not open that email with .zip, .pdf or .ppt attachment, it could be Dyreza Trojan, warns CERT

Dailybhaskar.com | Last Modified - Nov 06, 2014, 03:05 PM IST

Dyreza Trojan coming via email attachments as .zip, .pdf or .ppt files
    Indian security experts at Cert-In (Computer Emergency Response Team, India) have warned that a malware called Dyreza (also called Dyre) is on the prowl and is targeting banking institutions.
    According to Cert-In, this is a Trojan mainly targeting customers of well-known financial institutions who are running the Microsoft Windows operating system. The virus propagates via scam messages that look like ones received from the financial institution and contain a .zip or .pdf file as an attachment to the mail.
    According to the Cyber Security Intelligence Services (CSIS), the latest variant of the Dyreza (also called Dyre) malware has targeted several banks in Switzerland. The Trojan, according to this report, arrived as spam e-mails with a PPT attachment that exploits the vulnerability CVE-2014-4114, also known as the Windows OLE Remote Code Execution Vulnerability.
    How does the virus work?
    On opening (extracting) the mail attachment, it copies itself onto the user's computer, thereby infecting it (it copies itself under C:\Windows\[RandomName].exe). It then steals important information like online bank credentials, captures keystrokes and shares them with the command and control server. According to CSIS, the command and control servers of Dyreza are hosted at OVH in France.
    The malware also knows how to bypass SSL protection using browser hooking and hence is very dangerous.
    The malware installs itself as a service named Google Update Service (googleupdate) and hence gets executed each time the system is rebooted.
    How to recognize such a message?
    According to CSIS, the Trojan comes as a spam email posing as one from a financial institution (for example, a bank). It might carry a subject like one of these:
    Unpaid invoic
    New bank details
    Invoice #[7 random numbers]
    The attachment could be something like - Attachment: Invoice621785.pdf
    Note that “spelling errors in the subject line are a characteristic of this campaign,” advises US-Cert, giving you an idea about how to spot the wrong message.
    Is there a patch?
    Since the virus, according to Cert-In, uses an Adobe Reader vulnerability (CVE-2013-2729), a patch has been released to plug this security loophole; download the patch.
    What more can you do?
    Cert-In also advises changing the email settings so that files with extensions like .vbs, .bat, .exe, .pif and .scr are automatically filtered.
    Delete any suspicious-looking emails you receive, especially if they sport links and/or attachments. Don’t even open them, just delete them, says TrendMicro.
    In case you suspect an infection, immediately change your online banking account passwords. Remember to use a different, uninfected computer for this. Also alert your bank to any fraudulent transactions taking place.
    Image source: Cert-In via CSIS and Phishme
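
The subject lines and attachment extensions listed above can be turned into a mail-gateway triage check. The Python below is an added example, not code from Cert-In, CSIS or this article; the function names, verdict labels and sample messages are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage

# Extensions Cert-In advises filtering outright.
BLOCK_EXT = {".vbs", ".bat", ".exe", ".pif", ".scr"}
# Attachment types the article says carried the Trojan.
REVIEW_EXT = {".zip", ".pdf", ".ppt"}
# Subjects reported for the campaign; "invoic" also matches "invoice".
SUBJECT_RE = re.compile(
    r"^\s*(unpaid invoic|new bank details|invoice #\d{7}\b)", re.I)

def final_ext(filename):
    # Use only the last extension so "Invoice.pdf.exe" is treated as .exe.
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def triage(msg):
    """Return (verdict, reasons) for a parsed email.message.Message."""
    reasons = []
    subject_hit = bool(SUBJECT_RE.search(str(msg.get("Subject", ""))))
    if subject_hit:
        reasons.append("subject matches a reported campaign subject")
    exts = {final_ext(p.get_filename()) for p in msg.walk() if p.get_filename()}
    blocked = sorted(exts & BLOCK_EXT)
    review = sorted(exts & REVIEW_EXT)
    if blocked:
        reasons.append("blocked attachment type: " + ", ".join(blocked))
        return "block", reasons
    if review:
        reasons.append("container attachment type: " + ", ".join(review))
        return ("quarantine" if subject_hit else "review"), reasons
    return ("review" if subject_hit else "pass"), reasons

def make_sample(subject, filename):
    # Constructed test message; the attachment body is placeholder bytes.
    msg = EmailMessage()
    msg["From"] = "billing@bank.example"
    msg["Subject"] = subject
    msg.set_content("Please see attached.")
    if filename:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg

if __name__ == "__main__":
    for subj, fn in [("Unpaid invoic", "Invoice621785.pdf"),
                     ("Invoice #6217855", "Invoice621785.pdf.exe")]:
        print(subj, "->", triage(make_sample(subj, fn)))
```

For real mail, parse the raw message with `email.message_from_bytes` and pass the result to `triage`.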
