The Stack Archive

Dridex banking malware warning for UK Windows users as NCA and FBI take measures

Wed 14 Oct 2015

The UK’s National Crime Agency (NCA) has issued a warning to UK online banking consumers to guard against the possibility of having been infected by the Dridex malware, also known as Cridex and Bugat, stating that there could be ‘thousands of infected computers’ in the UK. The NCA are joining with the FBI in the United States to ‘sinkhole’ the botnet which is responsible for the spread of the malware. The report indicates that Windows users are the primary targets of the attacks.

Dridex, which seeks to harvest users’ banking credentials, apparently originates with what the NCA’s release describes as ‘technically skilled cyber criminals in Eastern Europe’, and is said to target individuals and consumers alike. Losses in the UK to the attacks are currently estimated at £20mn.

[Image: Dridex infection chain (Trend Micro)]

The Dridex malware is a new strain of the Cridex breed, and infects users via macro actions which launch when opening infected documents.

The malware spreads via the most predictable phishing methods, according to the report, with users inveigled into clicking on links to bogus sites, sent to them in scam emails. The NCA describe their joint efforts with the Federal Bureau of Investigation as part of a ‘sustained and ongoing campaign targeting multiple versions of Dridex and the cyber criminals behind it, who operate in hard to reach parts of the world.’

The current joint efforts against Dridex involve further cooperation with JCAT and EC3 at Europol, as well as the Metropolitan Police Service, CERT-UK, GCHQ, the Moldovan authorities, Germany’s BKA and ‘key private sector security partners’. These efforts have been reported to have resulted in ‘significant arrests’.

“Those who commit cyber crime are very often highly-skilled and can be operating from different countries and continents,” says Robert Anderson, an Executive Assistant Director at the FBI. “They can and will deploy new malware and we, along with our partners, are alive to this threat and are constantly devising new approaches to tackle cyber crime…We urge all internet users to take action and update your operating system. Ensure you have up to date security software and think twice before clicking on links or attachments in unsolicited emails.”

The advisory notice recommends a slew of standard online security suites to internet users, including offerings from F-Secure, Microsoft, McAfee and Sophos. It also advises users to ‘be vigilant’ against unexpected emails, and particularly against opening any documents that they may contain, or clicking on any links within the mails. Users who believe they have already been affected by Dridex should seek advice at the Action Fraud website.
