View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Dridex banking malware pioneers the short spam campaign

Hackers use five-hour stints to evade antivirus detection.


The banking malware Dridex is pioneering a short-form spam campaign that allows it to more easily evade detection, according to the networking firm Cisco.

Hackers behind the virus, which uses Microsoft Office macros to install itself onto victims’ computers, created two five-hour campaign last week, still using financial subject lines to trick people into opening the malicious emails.

Nick Biasini, a threat researcher at Cisco security group Talos, wrote on the firm’s blog: "Not only did the attackers use different subjects for every email they also rarely reused an attachment name."

He added that for the first campaign the body of the email was blank, though the second appeared to be a conventional invoice.

However both campaigns included a word document with no legible text, which may alert the victim that something is amiss.

Once opened the malicious file was said to attempt to install a variant of Dridex onto the computer, the fourth that Talos has analysed over the last few months.

Biasini noted that antivirus software was having trouble keeping up with the campaigns, with protections against Dridex only being available towards the end of the five hours.

Content from our partners
Why all businesses must democratise data analytics
Unlocking the value of artificial intelligence and machine learning
Behind the priorities of tech and cybersecurity leaders

"In many of these shorter campaigns, the antivirus update can actually occur after the campaign has essentially completed, as shown below in a Dyreza C malware campaign that occurred just a couple of weeks back," he said.

"Previously, [spam] campaigns continued for days or weeks and leveraged the same subject or attachment name allowing for quick detection and prevention.

"Today, these campaigns are short lived with mutating subjects and attachments designed specifically to avoid detection and prevention."

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy