White Hat Hacker Tweaks Dridex Malware to Distribute Antivirus Software

The Dridex banking malware has been a huge headache for a large part of the financial and technology industries, but it seems there is a white knight out there looking to turn the tables on this pesky infection. After a mysterious hijacking of the trojan's distribution servers, those servers have started dealing out legitimate, signed installers for Avira Free Antivirus instead of the Dridex payload. Anyone who opens one of the malicious attachments now ends up with an antivirus product rather than a banking trojan, so victims of the lure could, technically, come out cleaner on the other side.

The malware is most often spread through spam messages carrying malicious Word documents, whose macros download the Dridex payload from the botnet's distribution servers. One of the most widely used banking trojans in the world, Dridex targets online banking users, harvests credentials and account details, and feeds them back to its command servers, where they are used to drain accounts. Law enforcement agencies in the UK and US disrupted the botnet in late 2015, going as far as indicting a Moldovan man they believe was responsible for the attacks, but the takedown did little in the long run: the botnet resumed distributing the malware soon afterwards.

Researchers at Avira recently noticed that the Dridex distribution servers had begun pushing an up-to-date Avira web installer instead of the trojan, which is obviously a great step in combatting the problem, although how long it will last remains to be seen.

“We still don’t know exactly who is doing this with our installer and why, but we have some theories,” said Moritz Kroll, a malware expert at Avira, via email. “This is certainly not something we are doing ourselves.”

The only theory that makes sense so far is that a white hat hacker has compromised the botnet's distribution servers and swapped the payload to turn the tables on its operators.

“I really think it is a hacker who has discovered how to do a good thing but perhaps with not strictly legal methods,” Kroll said. “If you think about it, there was a huge media announcement when Dridex was ‘taken down’ by the government authorities and a much smaller level of reporting on its return to the marketplace. That has got to be frustrating to some and might cause them to think: ‘The government tried to take it down, they could not, I can do something myself’.”

Either way, anything that slows this nasty bit of software is a good thing!

Peter Donnell

