Dridex strikes and is bitten back

This week saw the all too familiar shrieking headlines on the front pages of all newspapers, websites and security blogs (ermm) informing us all that yet another piece of Malware, this time called Dridex (son of Cridex, overthrower of Zeus) has been very effectively deployed and used to snaffle funds from bank accounts all round the world, £20 Million in the UK alone.

Dridex is delivered by emails, which try to trick the recipient into opening a Microsoft Office file which contains the bad stuff, infects your machine and sits there waiting to take screenshots of your credentials. The naughty rat can also run programs and sniffs out social media passwords into the bargain.

Two pieces of good news are that most AntiVirus providers can now identify and prevent Dridex and also the FBI, working with multiple security vendors took down a large number of Dridex command and control servers on Wednesday 13th of October, making the world a somewhat better place, for now at least.

Infected machines still need to be deloused and you can read all about how to do that here: https://www.us-cert.gov/ncas/alerts/TA15-286A

How can all of this Malware be infecting your machines we hear you ask? Well all you need to do is look at this week’s patch advisories from Microsoft and Adobe to see.

This week’s Microsoft gems (33 CVE-listed bugs are fixed) include a bug in MS Excel meaning opening a malicious spreadsheet can cause your machine to be taken over, honestly. There is also a set of fixes for Internet Explorer, if anybody uses that anymore. It’s very important because without the fix your PC can be hijacked just by visiting web pages.

Not to be outdone, Adobe has patched 56 CVE-listed vulnerabilities in Acrobat and Reader and 13 in Flash Player for all platforms.

With friends like these, who needs enemies?

The usual advice applies. Please make sure that your MS and Adobe bits and pieces are patched up and sparkly clean or face the risks.

ITC’s NetSure360 managed security service includes technology to help you identify unpatched machines or those with out of date AntiVirus and to quarantine them until they are fixed, or just ban them from your network.

If you would like to discuss any of the frankly very worrying subjects in this week’s blog, please contact us on: 02075173900 or [email protected]