
Banking trojans on the rise, this time targeting Australian users


October 18, 2016

There's no question that banking trojans are on the rise, and this time they are targeting Australian users. In fact, the latest one could be based on one of the world's worst banking trojans, malware that can affect thousands of users at once.

To say that this represents a security issue would be an understatement. Malware expert Jason Reaves at Fidelis asserts that the 'TrickBot Trojan' features some very strong code with close similarities to the Dyre Trojan, potent malware that ripped through Western banks and businesses in the U.S., Britain and Australia.

That trojan alone has inflicted tens of millions of dollars in damages through dozens of separate spam and phishing campaigns since June 2014, and it looks like this is far from over.

Dyre stole some US $5.5 million from budget airline carrier Ryanair and robbed several individual small and medium-size businesses of up to $1.5 million each in substantial wire transfers using stolen online banking credentials over the past 2 1/2 years.

To be sure, Dyre's outburst last year culminated in the arrest of its alleged authors in February 2016, in several raids across Moscow and two of its suburbs.

Now one or more members of the so-called 'Dyre Group' appear to be back in the malware business and targeting Australian banks including Westpac, ANZ, NAB, and even St George.

What you need to know is that both Dyre and TrickBot utilize some of the same malware componentry, a similarity Reaves calls staggering.

Interestingly, the small differences between the two programs' code appear to be upgrades rather than changes to the core code.

Reaves highlights some similarities that include a few 'loaders' and custom encryptors, along with close but not identical hashing functions, and what appears to be an upgraded command and control encryption mechanism.

"Some similarities would suggest that some individuals related to the development of the Dyre Trojan have found their way into resuming criminal operations," Reaves says.

"It's actually our assessment with strong confidence that there is a clear link between Dyre and TrickBot, but that there is considerable new development that has been invested into TrickBot," he asserted.

"With some limited confidence, we can assess that one or more of the original developers of Dyre is involved with TrickBot," added Reaves.

He says that TrickBot developers are also rebuilding their so-called 'Cutwail Botnet' to prepare for upcoming spam runs in which the malware will be spread.

"It will sure be interesting to see if TrickBot can reach or pass its predecessor," he says. Whatever happens, we will keep you posted.

Source: Fidelis Internet Security.
