It has been discovered that an updated Dridex banking malware is using a Domain Name System trick to direct victims to fake banking websites. Even if a user types in the correct domain name for a bank, the fake website is still shown in the browser.
Tim Erlin, Director of IT Security and Risk Strategy for Tripwire, says, “We implicitly trust that the address we type into the browser is the website we get, but DNS redirection cs that trust. There are, in fact, multiple systems involved in turning that web address into an actual destination for your requests. The best way to prevent this kind of attack is to avoid the initial malware infection. While the malware itself may be advanced, the initial infection occurs via simple phishing.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.