US Homeland Security sent out an alert this week about an email phishing campaign that is distributing the “Dyre” (or Dyreza) banking malware. Dyre targets users of banking and financial sites to steal their login credentials and commit financial fraud.
Dyre was identified and reported on extensively in June, but Homeland is now warning of an elaborate phishing campaign by attackers. Dyre uses a man-in-the-middle attack that lets the hackers intercept unencrypted web traffic. Victims think they have a secure connection with their financial site, but the traffic is actually being diverted to the hackers' servers.
In phishing campaigns, hackers send deceptive emails hoping to trick the recipient into downloading malicious software or visiting malicious web sites. According to Homeland Security, emails used in this campaign typically have a subject of “Unpaid Invoice” and contain an infected PDF attachment. If you open the attachment, it exploits vulnerabilities found in unpatched versions of Adobe Reader to download the banking malware.
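The two indicators named in the alert, the “Unpaid Invoice” subject and a PDF attachment, can be turned into a mail-gateway triage check. The sketch below is an added example, not code from Homeland Security or Comodo; the function names, the `example.com` addresses and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

SUBJECT_LURE = "unpaid invoice"   # subject line reported for this campaign
PDF_MAGIC = b"%PDF-"              # readers accept this header in the first 1024 bytes

def pdf_attachments(msg):
    """Names of MIME parts that are PDFs by declared type, extension or content."""
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Check the bytes too: a renamed or mislabelled PDF is still a PDF.
        if (part.get_content_type() == "application/pdf"
                or name.lower().endswith(".pdf")
                or PDF_MAGIC in payload[:1024]):
            hits.append(name or "(unnamed)")
    return hits

def triage(raw_bytes):
    """Flag a raw RFC 5322 message that pairs the lure subject with a PDF."""
    # policy.default decodes RFC 2047 encoded-word subjects before matching.
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    subject = str(msg["subject"] or "")
    lure = SUBJECT_LURE in " ".join(subject.lower().split())
    pdfs = pdf_attachments(msg)
    return {"subject": subject, "pdfs": pdfs, "quarantine": lure and bool(pdfs)}

def build_sample(subject, filename=None, subtype="pdf", data=None):
    """Constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "billing@example.com", "user@example.com", subject
    m.set_content("Please see the attached document.")
    if data is not None:
        m.add_attachment(data, maintype="application", subtype=subtype, filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for raw in (
        build_sample("Unpaid Invoice", "invoice.pdf", "pdf", b"%PDF-1.4\n"),
        build_sample("RE: UNPAID  invoice", "scan.dat", "octet-stream", b"%PDF-1.5\n"),
        build_sample("Meeting notes", "notes.pdf", "pdf", b"%PDF-1.4\n"),
    ):
        print(triage(raw))
```

A match is a reason to quarantine the message for review, not proof of infection; keeping Adobe Reader patched remains the control that defeats the attachment itself.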
This threat is similar to the Zeus banking Trojan, which is responsible for hundreds of millions of dollars in financial fraud losses over the past year. However, unlike some variants, it is not an offshoot of the Zeus source code.
Homeland Security provided the following recommendations for dealing with this campaign, but we would hasten to add that this is good advice for dealing with all phishing campaigns:
Users and administrators are recommended to take the following preventive measures to protect their computer networks from phishing campaigns:
- Do not follow unsolicited web links in email
- Use caution when opening email attachments
- Follow safe practices when browsing the web
- Maintain up-to-date anti-virus software
- Keep your operating system and software up-to-date with the latest patches
Comodo has designed a unique solution for businesses whose employees and customers are likely to be the target of just such an attack. Comodo SecureBox is a client application that ensures an application can operate safely and communicate critical data even if the client computer is already infected.