Detection & Analysis of Dridex with CyberShield AnD for IT

Dridex has been one of the most notable threats since its appearance in late 2014 and throughout 2015. A strain of malware that evolved from the infamous Zeus family, it is designed to steal personal banking information and credentials.

Its operators seem to focus on small and medium-sized organizations as targets. The attack is said to be responsible for the theft of over $50 million, of which $30 million was stolen from UK accounts alone.

The recent arrest by the FBI of Moldovan national Andrey Ghinku has contributed little to stopping the threat. The gang behind Dridex is believed to have links to similar cybercrime gangs, such as the so-called ‘Business Club’ behind GameOver Zeus, and we believe that the experience and lessons gained from previous activities allow Dridex authors and affiliates to keep their infrastructure alive and to stay active and dangerous.

The following report provides the details of a dynamic behavioral analysis of several samples of Dridex, focusing mainly on its infection and persistence methods.
