Dyre malware cyber gang disrupted following raid on Moscow office

Russian authorities have reportedly disrupted a Dyre malware gang following raids on Russian film distribution and production company, 25th Floor.

The firm was raided last November as part of crackdown against the Dyre malware gang, reports Reuters.

Dyre malware was reportedly deployed in cyber attacks against financial institutions like Bank of America and JPMorgan Chase.

It is not clear whether the raid managed to cripple the network altogether, as security researchers say that there have been Dyre attacks since the raids were carried out.

According to Reuters, a number of people have been questioned about their links to the gang but it is not clear whether any arrests or any criminal charges have been made following the raid.

25th Floor is involved in the distribution of movies and TV shows in Russia and other East European and near-east countries.

There is no evidence of the firm having been implicated in any crime, nor any confirmation regarding the link between the shutting of the programme and the raid.

Cyber experts, however, believe that that Dyre malware infection stopped following the raid.

iSight Partners cyber crime expert John Miller told the news agency: "We have seen a disruption over the last few months that is definitely consistent with successful law enforcement action."

Cyber security company Kaspersky Lab is helping Russian authorities in the Dyre investigation. A source familiar to the matter told Reuters that the company would reveal the details of the case during its annual conference for security experts. The conference plan was yet to be confirmed by the company.

According to security experts, Dyre Trojan uses a man-in-the-middle (MitM) attack technique called "browser hooking."

Browser hooking allows attackers to divert users to fake websites, prompting them to provide their login details. After securing the login details, the attackers use the infected device or proxy to steal data.

According to Trendmicro, the Dyre virus typically arrives in users’ systems via an UPATRE downloader detected as TROJ_UPATRE.SMBG that arrives as an attachment in spam emails.

After installation of the virus, it downloads a worm (or WORM_MAILSPAM.XDP) that can compose email messages in Microsoft Outlook, with an attached UPATRE malware.

According to IBM, spear phishing, malware (initial infection via Upatre), social engineering, complex process injections, the Deep Web and even Distributed Denial of Service (DDoS) are some of the techniques used by the Dyre malware attackers.