Red Security

Full Version: Developers of Banking Malware Found to be Collaborating
Something is happening: malware vendors aren't deleting the competitor's malware anymore. Instead, they are choosing to work together and develop new and improved versions of current malware, or new versions altogether. This is of course in an effort to share profits between the two parties.

Any system that is infected with IcedID is actually downloading the "TrickBot" malware, which is a current version of the "Dyre" banking malware. IcedID was first spotted by researchers in November of last year. More recently, researchers from IBM's X-Force published a report stating that they had discovered a new banking malware spreading via a spam campaign. Systems that are compromised end up getting infected with an Emotet downloader, which will in turn grab the IcedID malware from the attacker's domain.

The team that discovered the malware thought that Emotet was compromised by the operators behind the "Dridex" banking trojan. IcedID is utilized by the attacker to maintain persistence within the infected machine; most of the systems that were infected were within banking sectors.

IcedID has been in the wild since early to mid 2017 and was originally known as BokBot. The malware mainly targets Windows, and it has also been found to associate itself with VNC computing modules for remote management and with anti-malware bypass modules.

This is evidently an interesting event: vendors working together, in a bid to share profits, to create and improve upon new and existing banking malware. This could spell disaster, or it could mean a new age for the ever so determined black hat. Either way, I will be keeping an eye on it.


--Sh7nk-Z0id
Interesting thank you, best writer.