Thursday, 15 October 2015 14:09

Bank fraud malware arrested


The US Federal Bureau of Investigation (FBI) and the UK National Crime Agency (NCA) have arrested a key figure behind a banking scam responsible for the theft of tens of millions of dollars.

The operation saw a 30-year-old Moldovan man charged by prosecutors in the US for offences including criminal conspiracy, unauthorized computer access with intent to defraud, damaging a computer, wire fraud, and bank fraud. His extradition to the US is being sought following his arrest in Cyprus in August.

The FBI also obtained an injunction to start sinkholing Dridex infections, by redirecting traffic from infected computers away from command-and-control (C&C) servers to benign substitute servers. The NCA supports the operation.

This is the latest in a series of recent takedowns against major financial fraud cybercrime groups, following earlier operations against Gameover Zeus, Shylock, and Ramnit.

The group, reportedly operating out of Eastern Europe, used Dridex malware to harvest banking credentials from individuals and businesses around the world, with the US, Japan and Germany sustaining the highest number of infections, followed closely by the UK, Canada and Australia.

Dridex is one of many known financial Trojans. While Symantec observed a 53 percent decline in financial Trojans in 2014 — largely due to takedowns and arrests — attackers continue to shift to new platforms to reach their targets. Notably:

  • The nine most targeted financial institutions were attacked by over 40 percent of Trojans
  • Stolen bank accounts often sell for 5-10 percent of their balance value on the black market

Dridex is detected by Symantec as W32.Cridex and also known as Bugat. It is a financial threat which adds the infected computer to a botnet and injects itself into the victim’s web browser in order to steal information, including banking credentials.

The malware is spread via phishing emails designed to appear to come from legitimate sources in order to lure the victim into opening a malicious attachment. It is also capable of self-replication by copying itself to mapped network drives and attached local storage such as USB keys. As is common with most financial attackers, the Dridex group regularly changed its tactics and most recently has been observed using malicious macros in Microsoft Office documents attached to emails to infect its victims.

As reported in Symantec’s State of financial Trojans 2014 whitepaper, Dridex was the third largest financial threat last year, accounting for some 29,000 detections. Nevertheless, this represented a decrease, with the number of infections down 88 percent since 2012.

Recent telemetry suggests a resurgence in activity, with detections beginning to increase again in recent months.

The attackers behind Dridex have targeted a broad range of countries. The largest number of detections in 2015 was in the US. This was followed by Japan and Germany, with significant numbers of infections also seen in the UK, Canada, Australia and a number of other European countries.




Ray Shaw
