Endpoint Protection

  • 1.  Dridex Malware

    Posted Mar 26, 2015 08:09 PM
    Does Symantec have a detection for variants of Dridex Malware? I can't seem to find much information on it.


  • 2.  RE: Dridex Malware

    Posted Mar 26, 2015 08:17 PM

    The name is different but was falling under generic Trojan Horse:

    https://www.virustotal.com/en/file/de25222783cdcbe20ca8d8d9a531f150387260e5297f672474141227eeff7773/analysis/1419394924/

    Or FakeAV / W97M:

    http://www.symantec.com/security_response/writeup.jsp?docid=2007-101013-3606-99

    http://www.symantec.com/security_response/writeup.jsp?docid=2014-110100-2117-99



  • 3.  RE: Dridex Malware
    Best Answer

    Posted Mar 27, 2015 04:27 AM

    Hi,

    We absolutely do.  Dridex is the latest variant of Cridex, a dangerous banking trojan. Here's the main Symantec classification for Cridex:

    W32.Cridex
    http://www.symantec.com/security_response/writeup.jsp?docid=2012-012103-0840-99

    Trojan.Cridex
    http://www.symantec.com/security_response/writeup.jsp?docid=2015-012314-0117-99

    Other Dridex samples are caught as Trojan Horse, Trojan.Gen and other more generic names. There is also coverage in place for 64-bit versions, heuristic signatures against Cridex, IPS, etc.  Those are quite effective.

    For more on this and similar threats, please see:

    The state of financial Trojans 2014
    http://www.symantec.com//content/en/us/enterprise/media/security_response/whitepapers/the-state-of-financial-trojans-2014.pdf

     

    Please update this thread with news if this has answered your question or if anything additional is needed!

    Many thanks,

    Mick

  • 4.  RE: Dridex Malware

    Posted Mar 27, 2015 12:32 PM

    Thanks all for your input!