News

White Hat Hacker Tweaks Dridex Malware to Distribute Antivirus Software

The Dridex banking malware has been a huge headache for a large part of the financial and technology industries, but it seems there’s a white knight out there looking to turn the tables on this pesky infection. After a mysterious hijacking of the virus distribution servers, they’ve now started dealing out legitimate installers for Avira Free Antivirus, thus helping to remove the infection from systems and hopefully clearing up a few other issues along the way. The bonus being that anyone stupid enough to fall for the infection in the first place could technically come out cleaner on the other side.

The malware is most often spread through spam messages and malicious Word documents. Being one of the three most widely used trojans in the world, the malware targets online banking users and steals information before feeding it back to a server where it can be used to take money, as well as other information from your accounts. Agencies in the UK and US managed to disrupt the botnet last year, even going as far as indicting a man in Moldova who they believe was responsible for the attacks, but it did little, if anything, in the long run to prevent the botnet from distributing the software.

Researchers at Avira recently noticed that the Dridex distribution servers begin pushing an up-to-date Avira web installer instead of the trojan, which is obviously a great step in combatting the problem, although how long this will last remains to be seen.

“We still don’t know exactly who is doing this with our installer and why, but we have some theories,” said Moritz Kroll, a malware expert at Avira, via email. “This is certainly not something we are doing ourselves.”

The only theory that makes sense so far is that a white hat hacker has hijacked their servers and tried to turn the tables.

“I really think it is a hacker who has discovered how to do a good thing but perhaps with not strictly legal methods,” Kroll said. “If you think about it, there was a huge media announcement when Dridex was ‘taken down’ by the government authorities and a much smaller level of reporting on its return to the marketplace. That has got to be frustrating to some and might cause them to think: ‘The government tried to take it down, they could not, I can do something myself’.”

Either way, anything that slows this nasty bit of software is a good thing!

Peter Donnell

As a child still in my 30's (but not for long), I spend my day combining my love of music and movies with a life-long passion for gaming, from arcade classics and retro consoles to the latest high-end PC and console games. So it's no wonder I write about tech and test the latest hardware while I enjoy my hobbies!

Disqus Comments Loading...

Recent Posts

Twitch Now Banning All Content Focusing On Intimate Body Parts

As by now, I'm sure you are aware Twitch has decided to go ahead and…

5 hours ago

Seconds Patch of “Operation Medic Bag” For Payday 3 Released

I doubt many of you have been keeping up with Payday 3 which is understandable…

7 hours ago

MSI Announces SPATIUM M580 FROZR With A Huge Cooler

Today MSI has announced a new Gen 5 SSD, the SPATIUM M580 FROZR which comes…

7 hours ago

LENRUE PC Speakers, USB/USB-C Powered Computer Speakers with Loud Stereo Sound

Stereo and Noiseless - Without any noise! After multiple debugging, suppress static. Become clearer and…

8 hours ago

HP M27f Ultraslim Monitor 27 Inch

PICTURE-PERFECT IMMERSION – Work or play on a monitor that redefines high definition with its…

8 hours ago

Govee LED Light Bars, Smart WiFi RGBIC TV Backlight

Syncs With Your Music: With an internal high-sensitivity mic, Govee Flow Plus LED light bars…

8 hours ago