Bank Trojans in fax messages
Interestingly, each downloaded archive carries a different name in order to deceive antivirus software. This technique is called server-side polymorphism, and it ensures that every downloaded file is recognized as new.
The content of the archive looks like an ordinary PDF file. It is in fact an executable file carrying the icon normally assigned to PDF files. It acts as a downloader that copies itself onto the computer and launches the banking Trojan Dyzer, also known as Dyre.
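As an added illustration that is not part of the original article, the following Python script shows one way a mail gateway or an analyst could flag the disguise described above: it unpacks a zip archive and reports members whose extension, double extension, or leading bytes (the "MZ" of a Windows executable versus the "%PDF" of a real PDF) do not agree with what the file name claims. The archive, member names and file contents are constructed samples, not material from the campaign.

```python
import io
import os
import zipfile

# Content signatures: a genuine PDF starts with "%PDF", a Windows PE file with "MZ".
PDF_MAGIC = b"%PDF"
PE_MAGIC = b"MZ"
# Extensions Windows executes on double-click, whatever icon the file displays.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".js", ".jse", ".vbs", ".wsf", ".cmd", ".bat"}
DOC_EXTS = {".pdf", ".doc", ".docx", ".txt", ".tif"}


def classify_attachment(name, data):
    """Return the reasons a file looks like a disguised executable (empty list if none)."""
    reasons = []
    root, ext = os.path.splitext(name.lower())
    inner_ext = os.path.splitext(root)[1]
    if ext in EXEC_EXTS:
        reasons.append(f"executable or script extension {ext}")
        if inner_ext in DOC_EXTS:
            reasons.append(f"document-style double extension {inner_ext}{ext}")
    if ext == ".pdf" and not data.startswith(PDF_MAGIC):
        reasons.append("named .pdf but content lacks the %PDF header")
    if data.startswith(PE_MAGIC) and ext not in EXEC_EXTS:
        reasons.append("PE (MZ) header under a non-executable file name")
    return reasons


def scan_archive(archive_bytes):
    """Classify every file inside a zip archive; returns {member name: reasons}."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            findings[info.filename] = classify_attachment(info.filename, zf.read(info))
    return findings


def build_sample_archive():
    """Constructed sample archive (not a real malware sample): a harmless PE-like stub
    with a fax/PDF-looking double extension next to a genuine minimal PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("fax_2201us.pdf.exe", PE_MAGIC + b"\x90" * 62)
        zf.writestr("cover_page.pdf", b"%PDF-1.4\n%constructed placeholder\n")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in scan_archive(build_sample_archive()).items():
        print(member, "->", reasons or "looks consistent")
```

The same `classify_attachment` check applied to the initial .js attachment flags it on extension alone, which is the earliest point in this chain at which the message can be quarantined.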
Analysis of malicious software - Director
It was first seen in 2014 and is similar to the notorious Zeus. It installs itself on the user's computer and becomes active only when the user uses specific functions on specific websites; sometimes these are the login pages of banking institutions or financial services.
Despite the relative sophistication of the attack method, the technique still relies on the user's curiosity to look into the generated archive and run its contents manually. A bit of caution can reduce the chances of your computer being infected. Here is what example links to the malicious software look like:
According to the Bitdefender laboratory, 30,000 malicious e-mails were sent in a single day from spam servers in the United States, Russia, Turkey, France, Canada and the United Kingdom. Interestingly, the attack campaign is named 2201us, which seems to refer to the date of the attack, January 22, and the target country, the USA.
Bitdefender detects and blocks all elements of the threat: the .js file, the downloader and the executable file. The Trojan is detected as Gen: [email protected] We also urge users to avoid clicking unknown links in e-mail messages, especially when the messages come from unknown senders. And we remind you to keep your antivirus definitions updated with the latest viruses and threats, so that the program remains able to stop an attack targeting your computer.
This article was written based on spam samples provided courtesy of Adrian Miron, a spam researcher at Bitdefender, and Doin Cosovan, a Bitdefender researcher, with technical information provided by the virus analysis group of Octavian Mine and Alexandre Maximciuc.
We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.