A global spam campaign is attacking Australian banks, spreading a modified banking trojan.
Malware analysts from security vendor, Bitdefender, have discovered new variants of the Dyre family of financial trojans.
Dyre is very similar to the infamous Zeus trojan exploited by the now defunct Gameover Zeus botnet. Bitdefender senior E-Threat analyst, Bogdan Botezatu, explained that Dyre Wolf is a codename for a cybercrime operation that initially targeted a specific bank.
Botezatu explained that the user will receive an email message that they are using a new computer or an untrusted browser. They are then directed to enter additional details to confirm their identity such as passwords or personal information.
Botezatu warned that even if a user has this as part of their security suite, it will not protect from Dyre because the Internet traffic is still only heading to and from the banking website. It is simply being intercepted and manipulated on the user’s end.
The latest campaign took the form of repeated email requests directing users to download an attachment and provide supporting financial details.
The vendor aid thousands of people were invited to download an archive containing a malicious .exe file claiming to come from a tax consultant.
Posing as a follow-up email, a subsequent message asked users to urgently download the attached archive and provide information to complete a financial transaction.
Customers of reputable financial and banking institutions from the US, UK, Germany, Australia, Romania and France have been targeted.
In Australia, the malware went after clients of the Bank of Melbourne and local units of ING, Citibank and HSBC.
According to Bitdefender Labs, 19,000 malicious emails were sent in three days from spam servers in the US, Taiwan, Hong Kong, Denmark, Russia, China, South Korea, UK, Australia and several other areas.