A new version of the Dyreza/Dyre malware, containing new targets in its configuration file, has been detected, and CSIS has sent its analysis to SCMagazineUK.com.
According to the analysis, the spam emails contain malicious PDF attachments that target vulnerabilities in unpatched versions of Adobe Reader and Acrobat. The emails trick users with subject lines like “unpaid invoice” and “new bank details”. Out-of-date software is immediately susceptible to the arbitrary code that, when executed, allows Dyreza to be downloaded and run on the host system.
Free patch tools, like the Heimdal Security Agent, will automatically update both Adobe and third-party products and prevent malicious code from running even if the user opens the email attachment, CSIS advises.
Though previously observed primarily in the US, Dyreza is now targeting banks in Switzerland, the report points out, while the majority of its C&Cs are hosted at OVH in France.