~Toughbooktalk~ Rob - 630-300-8877

All times are UTC-06:00

PostPosted: Tue Oct 28, 2014 7:45 am 

Joined: Fri Feb 22, 2013 3:10 pm
Posts: 858
Location: Edmonton, Alberta
Phishing Campaign Linked with “Dyre” Banking Malware

Systems Affected

Microsoft Windows

Overview

Since mid-October 2014, a phishing campaign has targeted a wide variety of recipients while employing the Dyre/Dyreza banking malware. Elements of this phishing campaign vary from target to target including senders, attachments, exploits, themes, and payload(s).[1][2] Although this campaign uses various tactics, the actor’s intent is to entice recipients into opening attachments and downloading malware.

Description

The Dyre banking malware specifically targets sensitive user account credentials. The malware has the ability to capture user login information and send the captured data to malicious actors.[3] Phishing emails used in this campaign often contain a weaponized PDF attachment which attempts to exploit vulnerabilities found in unpatched versions of Adobe Reader.[4][5] After successful exploitation, a user's system will download Dyre banking malware. All of the major anti-virus vendors have successfully detected this malware prior to the release of this alert.[6]

Please note, the below listing of indicators does not represent all characteristics and indicators for this campaign.

Phishing Email Characteristics:

Subject: "Unpaid invoic" (Spelling errors in the subject line are a characteristic of this campaign)
Attachment: Invoice621785.pdf

System Level Indicators (upon successful exploitation):

Copies itself under C:\Windows\[RandomName].exe
Creates a service named "Google Update Service" by setting the following registry keys:
HKLM\SYSTEM\CurrentControlSet\Services\googleupdate\ImagePath: "C:\WINDOWS\pfdOSwYjERDHrdV.exe"
HKLM\SYSTEM\CurrentControlSet\Services\googleupdate\DisplayName: "Google Update Service"

Impact

A system infected with Dyre banking malware will attempt to harvest credentials for online services, including banking services.

Solution

Users and administrators are recommended to take the following preventive measures to protect their computer networks from phishing campaigns:

Do not follow unsolicited web links in email. Refer to the Security Tip Avoiding Social Engineering and Phishing Attacks [7] for more information on social engineering attacks.
Use caution when opening email attachments. For information on safely handling email attachments, see Recognizing and Avoiding Email Scams.[8]
Follow safe practices when browsing the web. See Good Security Habits [9] and Safeguarding Your Data [10] for additional details.
Maintain up-to-date anti-virus software.
Keep your operating system and software up-to-date with the latest patches.

US-CERT collects phishing email messages and website locations so that we can help people avoid becoming victims of phishing scams.

You can report phishing to us by sending email to phishing-report@us-cert.gov.

https://www.us-cert.gov/ncas/alerts/TA14-300A

_________________
CF-D1DW2,CF-U1AQC,CF-29LTQ,CF-31SBM,CF-52youngGUN,

Life's Journey is not to arrive safely at the grave in a well preserved body, but rather to skid in sideways totally worn-out shouting 'Woo Hoo! What a ride!

Motorsports - the only real sport. If it doesn't have a motor, it is just a game.

There is always something waiting at the end of the road, if you are not willing to see what it is, you probably shouldn't be out there in the first place.
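The host indicators in the alert above (the `googleupdate` service key, the "Google Update Service" display name, and a binary dropped as `C:\Windows\[RandomName].exe`) are easy to turn into a hunt across exported service entries. The following Python is an added example, not part of the post or of the US-CERT alert: it parses the text of `reg query HKLM\SYSTEM\CurrentControlSet\Services /s` and flags services that match the indicators. The sample output is constructed; the legitimate-looking `gupdate` entry and its Program Files path are an assumption about a normal Google Update install, and the "executable directly under the Windows root" rule is a heuristic derived from the `[RandomName].exe` indicator, not something the alert states.

```python
"""Hunt for the Dyre persistence indicators quoted in TA14-300A in 'reg query' output."""
import re
from dataclasses import dataclass, field

# Host indicators quoted in the alert above.
DYRE_SERVICE_KEY = "googleupdate"            # HKLM\SYSTEM\CurrentControlSet\Services\googleupdate
DYRE_DISPLAY_NAME = "Google Update Service"  # exact DisplayName set by the malware

# Heuristic derived from the "C:\Windows\[RandomName].exe" indicator: a service whose
# binary sits directly in the Windows root (not System32, not Program Files) is unusual.
WINDOWS_ROOT_EXE = re.compile(
    r'^"?(?:[a-z]:\\windows|%systemroot%)\\[^\\]+\.exe"?(?:\s|$)', re.IGNORECASE
)


@dataclass
class Service:
    key: str                                    # leaf subkey name under ...\Services
    values: dict = field(default_factory=dict)  # value name -> data (registry type dropped)


def parse_reg_query(text: str) -> list[Service]:
    """Parse the text of 'reg query HKLM\\SYSTEM\\CurrentControlSet\\Services /s'.

    Key lines start at column 0; value lines are indented and consist of
    name, type and data separated by runs of spaces.
    """
    services: list[Service] = []
    current = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():
            current = Service(key=raw.strip().rsplit("\\", 1)[-1])
            services.append(current)
        elif current is not None:
            parts = re.split(r"\s{2,}", raw.strip(), maxsplit=2)
            if len(parts) == 3:
                name, _reg_type, data = parts
                current.values[name] = data
    return services


def dyre_service_findings(services: list[Service]) -> dict[str, list[str]]:
    """Return {service key: [reasons]} for services matching the Dyre indicators."""
    findings: dict[str, list[str]] = {}
    for svc in services:
        reasons = []
        image = svc.values.get("ImagePath", "")
        if svc.key.lower() == DYRE_SERVICE_KEY:
            reasons.append("service key matches indicator 'googleupdate'")
        if svc.values.get("DisplayName") == DYRE_DISPLAY_NAME:
            reasons.append("DisplayName matches indicator 'Google Update Service'")
        if WINDOWS_ROOT_EXE.match(image):
            reasons.append(f"ImagePath is an executable directly under the Windows root: {image}")
        if reasons:
            findings[svc.key] = reasons
    return findings


# Constructed sample output: a legitimate-looking Google updater entry (path is an
# assumption about a normal install) next to the Dyre service from the alert.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gupdate
    Type    REG_DWORD    0x10
    ImagePath    REG_EXPAND_SZ    "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
    DisplayName    REG_SZ    Google Update Service (gupdate)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\googleupdate
    Type    REG_DWORD    0x10
    ImagePath    REG_EXPAND_SZ    C:\WINDOWS\pfdOSwYjERDHrdV.exe
    DisplayName    REG_SZ    Google Update Service
"""

if __name__ == "__main__":
    for key, reasons in dyre_service_findings(parse_reg_query(SAMPLE_REG_QUERY)).items():
        print(f"[!] {key}")
        for reason in reasons:
            print(f"    - {reason}")
```

On a real host the input would come from `reg query HKLM\SYSTEM\CurrentControlSet\Services /s` redirected to a file; the three rules are kept separate so that a hit on the Windows-root heuristic alone can be reviewed as a lower-confidence lead, while a hit on the key name or the exact display name is a direct match on the published indicator.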
PostPosted: Tue Oct 28, 2014 10:13 am 

Joined: Fri Jan 18, 2013 11:35 am
Posts: 2969
Common sense is still the best anti virus....

Everyone is surprised that I will not use online banking or bill paying......

_________________
Life will beat you into submission.
PostPosted: Tue Oct 28, 2014 8:52 pm 

Joined: Fri Feb 22, 2013 3:10 pm
Posts: 858
Location: Edmonton, Alberta
Yes it is, but it is not as common as it once was, so a little reminder can't hurt...much. :)

If Everyone is surprised, that must mean I am No one as I am not surprised at all. :D LOL

PostPosted: Tue Oct 28, 2014 9:06 pm 

Joined: Thu Oct 14, 2010 1:13 pm
Posts: 2253
Location: TDR-HQ California
Yo, Morgan....the forum watch it boy's guru. Good reminder mate.

Shawn....Morgan is literal and will turn your words back to haunt you.....The deal is he reads (and responds) to every word. Which I appreciate. No skimming.

Hey, Mo!......believe it or don't, this is sent from a CF-C1.

J'd

_________________
Fair for you/ Fair for me.
I chose to NOT be organized.

-------------------------------------------------------------------
http://toughbooktalk.com/
http://forum.notebookreview.com/panasonic/
PostPosted: Tue Oct 28, 2014 10:09 pm 

Joined: Fri Feb 22, 2013 3:10 pm
Posts: 858
Location: Edmonton, Alberta
Hey J'd, I'm no guru, grubby ya, guru na. I feel it does not hurt to post the alerts, if they might help someone. Thanks man.

A literal illiterate! :D Isn't that how it is supposed to be, read and respond to the whole communiqué?? Is there a SOP for responding to emails, PMs and forum posts? Sounds like a job for the Search Ninja. LOL

J'd why wouldn't I believe it, or am I missing something? Wouldn't be the first time, I live by a major airport...there is a lot that goes over my head. :D
