Trojan apparently slain by geek

Not even malware is hackproof, it appears:

Users tricked by spam messages to open malicious Word documents that distribute the Dridex online banking Trojan might have a surprise: they’ll get a free antivirus program instead.

That’s because an unknown person — possibly a white hat hacker — gained access to some of the servers that cybercriminals use to distribute the Dridex Trojan and replaced it with an installer for Avira Free Antivirus.

Good thing, right? But still against the law:

Although replacing known malware with an antivirus isn’t an activity most people would consider a hacking crime, it’s likely against the law in most countries. A whitehat hacker who figured out a way to penetrate Dridex servers and tamper with the malware distribution channel may have done so discreetly to prevent being detained or prosecuted by law enforcement authorities.

And of course there’s a worst-case scenario:

A competing theory is that Dridex operators intentionally included the AV installer, possibly to throw off the detection process of other AV engines.

Which might be plausible, since the installer does not actually autorun: the person receiving it has to run it manually.

(Via Fark, with the kind assistance of @SwiftOnSecurity.)

1 comment

  1. abraham »

    7 February 2016 · 7:13 am

    Well, if it is a white hat hacker, I would like to meet and shake that person’s hand.

    On the other side of the coin, if you’re not as skilled as he is, then you need to know about Jentu Technologies as a desktop and security device.

    Check out our site and protect yourself in case the white hat hacker wasn’t the cure, and the second theory holds water, then you need security and breach mitigation.

    Jentu provides both in one box.
