Is the appearance of white hackers that incorporate security software into malware to protect users?
Malware used to steal online banking account information "Dridex"The botnet that begins to take anti-virus software to start to distribute anti-virus software, which is far from the original bank fraud is"Avira"The investigation turned out. According to the company, there is a possibility that Dridex's botnet was hacked by someone.
Dridex botnet distributor now services Avira - Avira Blog
Dridex malware exploit distributes antivirus installer-hack suspected | Ars Technica
Dridex is a type of online banking fraud tool, and when infected, screenshots of screens are taken, login information is stolen, and other damage is brought. By using the ingested personal information, it becomes possible to perform unauthorized login to online banking and SNS etc. In the United States, as of October 2015 Dridex'sThe damage amount is about 1.2 billion yenI came up to.
The US government who saw the situation heavily saw Dridex's botnetBlocked in October 2015. Although the botnet was sealed by the government's efforts, the user is required to have strict warnings since the blocking.
According to Avira of antivirus software, Dridex which was notoriously disappointing that the government blocked it, it turned out that the malicious link in Dridex's botnet was reconstructed as Avira's installer. In other words, even if the user opens a Dridex embedded attachment, Dridex will not be installed, but the anti-virus software installer will be launched. Moreover, the Avira software that can be installed is not a malfunction such as expiration, it is a copy of a proper regular edition.
A researcher at Avira says, "For now the cause is unknown at all, but the white hacker may have hacked Dridex's botnet, or it may be that a hacker is trying to offend Avira. Whether Dridex's botnet incorporates the Avira anti-virus software installer is not what we set in. "
According to Ars Technica of IT related media, this time it is not the first time that the Avira installer was incorporated into the virus. Avira's installer, in the pastCryptoLockerYaTeslaCryptAlthough it may have been built into Ransomua such as CryptoLocker, it was a specification that can not run the installer in the case of CryptoLocker. It is a very worrisome point as to whether the culprit who incorporated Avira in Dridex's botnet is doing with good intentions or something behind it.
in Security, Posted by darkhorse_log