Today, we are proud to announce our participation in a joint effort with the Federal Bureau of Investigation (FBI) and security researchers from other security vendors to take down multiple command-and-control (C&C) servers used by the DRIDEX botnet in the US. This follows recent action by the National Crime Agency (NCA) in the UK against C&C servers used by DRIDEX.
In this action, US law enforcement officials obtained court orders that resulted in the seizure of multiple servers used by DRIDEX. This seizure crippled the malware’s C&C network, which the malware uses to send stolen information to the cybercriminals and to download configuration files, including the list of targeted banks.
Cooperative law enforcement action like this is important and a victory for everyone because it reduces cybercrime and makes the internet safer. This particular action is especially significant because DRIDEX stepped in to fill the gap created when Gameover Zeus (GoZ) was taken down in June 2014 (an operation in which Trend Micro also assisted law enforcement).
DRIDEX is a next-generation family of online banking malware that learned from and improved on earlier successful malware such as Gameover Zeus. It takes steps to hide itself from detection on infected systems and targets specific online banking activity. Its goal is to obtain online banking credentials, which can then be sold in the cybercriminal underground.
Over the past year DRIDEX has grown steadily in reach and impact and has been a regular fixture in our recent quarterly threat roundups.
This action, coupled with the earlier action against Gameover Zeus, sends a clear message: criminals may be ready to launch new attacks in the face of successful law enforcement action, but law enforcement and the industry are also ready to act quickly to take those new attacks down.
If you’re a Trend Micro customer, we have been providing protection against DRIDEX since it came on the scene in July 2014, including protection against the new variants involved in this latest takedown. If you’re not a Trend Micro customer and are concerned that you’re infected, you can use our free Housecall tool to check your system.