23 January 2016
The Dridex banking Trojan is back from the ashes like the Phoenix. In his post ‘Dridex malware adopts redirection attacks to target high-value UK banking customers’, published on 20 January 2016 on the security blog GrahamCluley, David Bisson clearly shows that the Trojan attacks banks and end users with terrifying speed.
How can end users protect themselves?
‘As for ordinary users, maintaining an updated anti-virus solution and refusing to click on suspicious links will go a long way towards protecting your life savings from low-life criminals.’
To be honest, the advice to keep the anti-virus solution up-to-date creates a false sense of security. Let me give you a current example.
Last Tuesday I got an email with an attachment containing the malware ‘VirTool:Win32/CeeInject.GF’. I uploaded the attachment to VirusTotal for inspection and found that only 8 of 54 anti-virus solutions identified the malware, although the malware or a variant was first published about 9 months ago:
Table 1: Result of first scan
These are definitely not the heavyweights in the consumer market. 7 hours later only 12 of 54 anti-virus solutions identified the malware. For the development in the next days see the following table:
Table 2: Changes in identification rate
In the worst case consumers were unprotected for about 2 days. Moreover, up to yesterday evening 22 of 54 anti-virus solutions had still not identified the malware.
Advanced endpoint security tools could definitely cope better. Unfortunately, the vendors of such solutions focus on private businesses.
In the latest issue of the Cyber Intelligencer Michael Applebaum writes:
‘What the industry desperately needs is rigorous, scientifically validated third-party testing of endpoint security technologies, across a range of real-world scenarios. Invincea has been prominently calling for this and we hope to see progress in 2016 by reputable third parties.’
Even more than the industry, consumers need decision-making aids on how to protect themselves effectively against malware. At the moment they are not participating in the progress in technology at all.
As always, the user is the first and best line of defense. ‘Check twice before you click on any links or attachments’ is the best possible advice.
Have a good weekend, and don’t rely too much on your anti-virus solution!