What is Dridex?

Dridex is the name of a strain of malware designed to eavesdrop on victims’ computers in order to steal personal information such as usernames and passwords, with the ultimate aim of breaking into bank accounts and siphoning off cash.

How does it spread?

The virus is spread through infected emails sent by its developers to targets. The emails, some of which are similar to the screenshot below from researchers at Symantec, typically contain an infected Microsoft Office file, and attempt to trick the user into opening the attachment.

How is it used to steal money?

Once installed, Dridex has a significant amount of control over the user’s computer. It can upload, download and run programs, as well as snoop on internet browsing by directly looking at network traffic and by taking screenshots of the browser window. The malware also adds the computer to the wider Dridex “botnet”, which allows its controllers to communicate with the infected computer through others, protecting them from law enforcement.

Then, it sits on the infected computer, waiting to steal logins to high-value services. As well as banking details, the main target of the attack, it also keeps an eye out for other login credentials, such as those for social media. The National Crime Agency says that “up to” £20m was lost to the hackers, and the FBI says that a first $10m was lost domestically.

Extracts taken from: http://www.theguardian.com/technology/2015/oct/14/what-is-dridex-how-can-i-stay-safe
