Dridex: all you need to know about this persistent financial trojan
TRANSCRIPT
@threatintel | www.symantec.com
TROJAN DESIGNED TO STEAL BANKING CREDENTIALS BY INTERCEPTING ONLINE BANKING SESSIONS
WHO IS BEHIND IT?
1. USER RECEIVES SPAM EMAIL
2. USER OPENS ATTACHMENT & IS ASKED TO ENABLE MACROS
3. VBS.DOWNLOADER.TROJAN IS DROPPED
4. .VBS FILE INSTALLS W32.CRIDEX TROJAN
WHO HAVE THEY TARGETED?
AUSTRALIA 18
ITALY 29
US 76
UAE 14
UK 33
? PROFESSIONAL CYBERCRIME ORGANIZATIONS
HOW IS IT DISTRIBUTED?
WE SPEAK ENGLISH!
ONE LARGE GANG
MULTIPLE SUB GROUPS
OR
SPAM EMAIL CAMPAIGNS
HOW BIG ARE THE ATTACKS?
OVER 10 WEEKS… 270K
INVOICE ORDER SCAN RECEIPT PAYMENT
#TROJAN #DRIDEX
CAMPAIGNS 145
CAMPAIGNS PER DAY
3
WHAT DOES IT DO?
EMAILS BLOCKED PER CAMPAIGN
NUMBER OF ORGANIZATIONS