Evil : Someone pwned the deadly Dridex botnet and infected it with Avira anti-virus
The world is full of good Samaritans, and this was proved once again when an anonymous hacker hacked the dreaded Dridex botnet in such a way that victims who clicked on it, instead of being infected with the deadly banking trojan, were made to download a signed copy of the free Avira anti-virus.
For the uninitiated, Dridex is a deadly banking malware that leverages macros in Microsoft Office to infect systems. Once a computer has been infected, Dridex attackers steal banking credentials and other personal information on the system to gain access to the financial records of a user.
Dridex operates by first arriving on a user’s computer as a malicious spam e-mail with a Microsoft Word document attached to the message. If the victim opens the document, a macro embedded in the document surreptitiously triggers a download of the Dridex banking malware, enabling it to first steal banking credentials and then attempt to generate fraudulent financial transactions.
It is this Word document that was infected by the anonymous hacker with a copy of Avira antivirus. This was revealed by Avira's Lyle Frink, who noted this strange phenomenon on Avira's blog. In the blog, Frink denied any involvement in the hack. According to Frink, the events unfolding are strange, but simple. Instead of malware, incautious users are being duped into downloading free and legal copies of Avira anti-virus.
Clicking on a link in a Dridex spam email will sometimes now give you a valid, signed copy of Avira Free Antivirus software — perfect for cleaning Dridex’s Trojans out of your system once and for all.