The Dridex banking Trojan appears to have come back from the dead, just a few weeks after the National Crime Agency said it had successfully managed to severely limit its power, working alongside US authorities.
Ryan Flores, of cyber security firm Trend Micro, who also worked on the initial investigation, said in a blogpost: "Dridex is steadily regaining its footing in the US."
The UK is also a top target of Dridex-related spam, with 14% of its spam messages coming to the UK, compared to 23% in the US. UK losses due to Dridex have been put at £20m.
Although the National Crime Agency’s National Cyber Crime Unit managed to take down a large percentage of the botnet, which primarily goes after financial institutions, Trend Micro said they had continued to monitor it and had noticed a return.
"We are seeing multiple Dridex-related spam runs, most of which are using social engineering lures that involve financial matters such as an invoice, an unpaid bill, a financial statement, current credit balance, or receipt."
An NCA spokesperson said: "The international activity undertaken in October was part of a sustained and ongoing campaign targeting multiple versions of Dridex and the cyber criminals behind them. Those involved in serious organised crime will always seek to adapt to protect profitable ventures, and the NCA continues to work closely with our international partners to target cyber crime threats including malicious software."
Flores also said that researchers had noticed new variants within the attack code. "We are still checking if these new variants can send email, which would, in effect, bring the entire infection chain for Dridex full circle," he said.