Dridex Takedown

The UK National Crime Agency together with the FBI and the US Department of Justice recently filed charges against the author of Bugat/Cridex/Dridex. Andrey Ghinkul was arrested on August 28, 2015 in Cyprus and the US is now seeking his extradition. Dridex has reportedly caused multi-million dollar losses to financial institutions and businesses globally.

Dridex is known to propagate via Microsoft Word documents which pretend to be legitimate but contain malicious macro code. When run, these macros eventually download an executable from the botnet's C&C server and/or a compromised website. F-Secure has generic detection (Trojan:W97M/MaliciousMacro.GEN) that specifically looks for malicious macros inside Office document files.
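As an added illustration (not F-Secure's code, and not the Hydra engine), here is the core of what a generic macro check has to do: decode the compressed VBA module stream that Office stores in vbaProject.bin, then flag modules that combine an auto-execute entry point with object-creation, shell or download APIs. The keyword lists and the sample module are constructed for this example.

```python
import re
import struct
# Constructed macro triage (not F-Secure's engine): decompress a VBA module stream (MS-OVBA
# CompressedContainer, as stored in vbaProject.bin) and flag auto-exec plus risky API use.
AUTO_EXEC = re.compile(r"\b(AutoOpen|Document_Open|AutoExec|Workbook_Open)\b", re.I)
SUSPICIOUS = re.compile(r"\b(URLDownloadToFile|WScript\.Shell|CreateObject|Shell|XMLHTTP|Environ)\b", re.I)
def decompress_vba(data: bytes) -> bytes:
    """Decode an MS-OVBA CompressedContainer into the raw VBA module source."""
    if not data or data[0] != 0x01:
        raise ValueError("missing 0x01 container signature")
    out, pos = bytearray(), 1
    while pos < len(data):
        header = struct.unpack_from("<H", data, pos)[0]
        chunk_size = (header & 0x0FFF) + 3       # chunk length including the 2-byte header
        compressed = header >> 15                # 1 = token stream, 0 = stored raw
        end = min(len(data), pos + chunk_size)
        pos, chunk_start = pos + 2, len(out)
        if not compressed:
            out += data[pos:end]
        while compressed and pos < end:
            flags, pos = data[pos], pos + 1      # one flag bit per following token
            for bit in range(8):
                if pos >= end:
                    break
                if not (flags >> bit) & 1:       # literal byte
                    out.append(data[pos]); pos += 1
                    continue
                token = struct.unpack_from("<H", data, pos)[0]; pos += 2
                distance = len(out) - chunk_start
                bit_count = max(4, (distance - 1).bit_length())  # ceil(log2(distance)), min 4
                length = (token & (0xFFFF >> bit_count)) + 3
                offset = (token >> (16 - bit_count)) + 1
                for _ in range(length):          # back-reference copy; may overlap itself
                    out.append(out[-offset])
        pos = end
    return bytes(out)

def scan_macro_source(src: str) -> dict:
    auto = sorted({m.group(0) for m in AUTO_EXEC.finditer(src)})
    risky = sorted({m.group(0) for m in SUSPICIOUS.finditer(src)})
    return {"auto_exec": auto, "suspicious": risky, "flag": bool(auto and risky)}

def compress_literals(src: bytes) -> bytes:  # builds a container from literal tokens only
    body = bytearray()
    for i in range(0, len(src), 8):
        body += b"\x00" + src[i:i + 8]           # flag byte 0: next 8 tokens are literals
    header = 0xB000 | (len(body) + 2 - 3)        # compressed flag=1, signature bits=0b011
    return b"\x01" + struct.pack("<H", header) + bytes(body)
SAMPLE_VBA = (b'Attribute VB_Name = "ThisDocument"\r\nSub AutoOpen()\r\n'  # constructed sample
              b'  Set s = CreateObject("WScript.Shell")\r\nEnd Sub\r\n')
```

Run `scan_macro_source(decompress_vba(compress_literals(SAMPLE_VBA)).decode("latin-1"))` to see the sample flagged; a real scanner would first extract the module streams from the OLE container.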

As the authorities clean up the Dridex botnet, a spike in detections of malicious macros can be seen in our back-end statistics.

F-Secure customers are protected by our Hydra (scanning engine) and DeepGuard (behavioral-based) technologies.

[Screenshot: Virus and spyware history, showing Trojan:W97M/MaliciousMacro.GEN detected]

[Screenshot: F-Secure Internet Security notification, Harmful file removed]

Besides generic signature detection of malicious macros, our DeepGuard behavioral engine also blocks the malicious behavior itself. Two layers of protection are better than one.

[Screenshot: F-Secure Internet Security notification, Application blocked for bad behavior]

A document dropping an executable? Yeah, that’s never a good thing.

Q: Are these Dridex activities all related to authorities taking down the botnet?
A: We don’t know.
