The threat of “Dyre” trojan discovered a few months back seems to have been upgraded with some recent reports with the finding of some variants. Dyre is a malware targetting customers of more than 1000 banks worldwide. Indian Banks are also in its radar and according to security researchers, it is one of the most dangerous trojans presently targetting Indian Banking scenario. It targets Windows computers and can steal Banking and other credentials.
The malware is delivered via an email message that comes with an attachment claiming to be a legal document containing a Zip or PDF document containing details about recent law modifications regarding fraudulent activity or any other information. The Trojan delivery spam emails may include a PowerPoint attachment containing an exploit for the CVE-2014-4114 vulnerability in Windows operating system. The weakness is present in the OLE (Object Linking and Embedding) packager that allows download and execution of INF files.
Financial institutions, Payment services and HR related websites are the targets for the Dyre malware and India appears to be the sixth most targetted country for the time being.
Dyre’s money stealing activity follows a well-known pattern, with the web browser being hijacked for monitoring web sessions and redirecting the victim to fake websites or altering the content of the web pages on the fly to capture banking login credentials in man-in-the-browser events.
According to experts, the Dyre exfiltered data is difficult to distinguish since it is encrypted (with its own key) and appears like legitimate traffic. It includes log in credentials for a large number of global banks.
There are several prominent Banks which are targetted by the trojan including Bank of America, Citigroup, the Royal Bank of Scotland, Ulsterbank, and Natwest. At this point of time the list of Indian Banks in the Dyre’s radar is not clear though at least two Banks are reportedly in the list. One can expect ICICI Bank and HDFC Bank to be those Banks being the most prominent e-Banking entities in India. Customers of these Banks should therefore be extra careful when dealing with spam mails.
Simultaneously, we need to be also aware that the malware writers are getting more sinister as can be observed in the case of the “Rombertick” trojan which when detected could destroy part of the master boot record just to evade itself. It is a kind of a “Suicide Bomber” who when confronted blows himself.
E Bankers therefore are in a continuous attack from sophisticated trojans/viruses and are left to fend for themselves. It is therefore essential for the promoters of E Banking transactions which includes RBI in particular to mandate protection of Banking customers through appropriate Cyber Crime insurance. Bankers need to assume responsibility for malware activities and provide insurance cover along with their own secure web applications for customers to use.