National Cyber Awareness System: 10/27/2014 12:10 PM EDT
Original release date: October 27, 2014
Systems AffectedMicrosoft Windows OverviewSince mid-October 2014, a phishing campaign has targeted a wide variety of recipients while employing the Dyre/Dyreza banking malware. Elements of this phishing campaign vary from target to target including senders, attachments, exploits, themes, and payload(s).[1][2] Although this campaign uses various tactics, the actor’s intent is to entice recipients into opening attachments and downloading malware. DescriptionThe Dyre banking malware specifically targets sensitive user account credentials. The malware has the ability to capture user login information and send the captured data to malicious actors.[3] Phishing emails used in this campaign often contain a weaponized PDF attachment which attempts to exploit vulnerabilities found in unpatched versions of Adobe Reader.[4][5] After successful exploitation, a user's system will download Dyre banking malware. All of the major anti-virus vendors have successfully detected this malware prior to the release of this alert.[6] Please note, the below listing of indicators does not represent all characteristics and indicators for this campaign. Phishing Email Characteristics:
System Level Indicators (upon successful exploitation):
ImpactA system infected with Dyre banking malware will attempt to harvest credentials for online services, including banking services. SolutionUsers and administrators are recommended to take the following preventive measures to protect their computer networks from phishing campaigns:
US-CERT collects phishing email messages and website locations so that we can help people avoid becoming victims of phishing scams. You can report phishing to us by sending email to phishing-report@xxxxxxxxxxx. References
Revision History
This product is provided subject to this Notification and this Privacy & Use policy. |