Upatre Downloader Spreading Dyreza Banking Trojan

  • 12 December 2014

by Michael Mimoso    December 12, 2014 , 9:52 am
 

The Upatre downloader is the vehicle that has driven numerous banking Trojan and ransomware attacks to the front door of countless victims at great cost.

Microsoft on Thursday warned of a wire-transfer spam campaign it has spotted spreading Upatre, which in turn loads the dangerous Dyreza banking Trojan. Not only has Dyreza been implicated in the theft of banking credentials from victims worldwide, but it was also at the center of attacks against Salesforce.com users and was spotted exploiting the same vulnerability used in APT attacks carried out by the Sandworm group.

The spam messages spotted by Microsoft include a malicious .scr or PDF attachment and a message claiming that the recipient has been sent a wire transfer of $35,292. The attachment contains a ZIP file called payment1872.zip that extracts Upatre. The downloader opens a connection to one of two domains, either continua[.]ltd[.]uk or odecarequipa[.]com, where Dyreza awaits and is loaded onto the compromised computer; Microsoft detects this variant of Dyreza as Dyzap.h.
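The indicators in the paragraph above (the lure ZIP name, the executable-in-archive delivery, and the two download domains) are the sort of thing a responder turns into triage checks. The script below is an added example written for this post, not code from the article or from Microsoft: it refangs the bracketed domains as printed above, matches them in proxy-style log lines, and unpacks a mail attachment in memory to look for an executable hiding behind a double extension. The log lines and the ZIP contents are constructed for illustration; only the domain names and the ZIP filename come from the article.

```python
"""Triage helpers for the Upatre/Dyreza indicators described above.

Added example, not code from the article or from Microsoft. The two domains
and the ZIP name are taken from the article; every log line and the sample
archive below are constructed here so the script runs offline.
"""
import io
import re
import zipfile

# Indicators as the article prints them (defanged with [.]).
DEFANGED_C2_DOMAINS = ["continua[.]ltd[.]uk", "odecarequipa[.]com"]
KNOWN_ZIP_NAME = "payment1872.zip"
# Executable extensions Upatre-style droppers commonly ship inside a ZIP.
SUSPICIOUS_EXTENSIONS = (".scr", ".exe", ".pif", ".com")


def refang(domain: str) -> str:
    """Turn 'example[.]com' back into 'example.com' so it can be matched."""
    return domain.replace("[.]", ".")


C2_DOMAINS = sorted(refang(d) for d in DEFANGED_C2_DOMAINS)

# Match a C2 domain (optionally with subdomains) only as a whole host name:
# a preceding alphanumeric or '-' would mean we are inside a longer label,
# so "notodecarequipa.com" must not match "odecarequipa.com".
_C2_RE = re.compile(
    r"(?:^|[^A-Za-z0-9.-])((?:[A-Za-z0-9-]+\.)*(?:"
    + "|".join(re.escape(d) for d in C2_DOMAINS)
    + r"))(?![A-Za-z0-9-])",
    re.IGNORECASE,
)


def find_c2_hits(log_lines):
    """Return (line_number, host) for each log line that references a C2 domain."""
    hits = []
    for n, line in enumerate(log_lines, start=1):
        m = _C2_RE.search(line)
        if m:
            hits.append((n, m.group(1).lower()))
    return hits


def inspect_zip_attachment(filename: str, data: bytes):
    """Return human-readable findings for a ZIP attachment held in memory."""
    findings = []
    if filename.lower() == KNOWN_ZIP_NAME:
        findings.append(f"attachment name matches known lure {KNOWN_ZIP_NAME}")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                name = info.filename
                if name.lower().endswith(SUSPICIOUS_EXTENSIONS):
                    # "invoice.pdf.scr" shows as a PDF when extensions are hidden.
                    disguised = name.count(".") > 1
                    note = " (double extension disguises the executable)" if disguised else ""
                    findings.append(f"executable inside archive: {name}{note}")
    except zipfile.BadZipFile:
        findings.append("attachment is not a valid ZIP")
    return findings


# Constructed proxy log: line 2 and line 3 contact the two download domains;
# line 4 is a deliberate near-miss that must not be flagged.
SAMPLE_PROXY_LOG = [
    "2014-12-11T09:12:01Z 10.0.0.15 GET http://www.example.org/index.html 200",
    "2014-12-11T09:12:44Z 10.0.0.15 GET http://continua.ltd.uk/images/ 200",
    "2014-12-11T09:13:02Z 10.0.0.23 GET http://odecarequipa.com/ 200",
    "2014-12-11T09:13:10Z 10.0.0.15 GET http://notodecarequipa.com/ 200",
]


def build_sample_zip() -> bytes:
    """Construct a stand-in for the lure archive: a fake screensaver with a .pdf.scr name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Not real malware: an MZ header followed by padding is enough for the check.
        zf.writestr("payment1872.pdf.scr", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    for n, host in find_c2_hits(SAMPLE_PROXY_LOG):
        print(f"proxy log line {n}: contact with {host}")
    for finding in inspect_zip_attachment(KNOWN_ZIP_NAME, build_sample_zip()):
        print(f"attachment: {finding}")
```

The host match is anchored on label boundaries on purpose: a naive substring search for odecarequipa.com would also fire on unrelated hosts that merely end in that string, and a defanged indicator copied straight from an advisory will never match a real log line until it is refanged.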
 
