In recent days we have seen a lot of commotion around the Dridex botnet. This improved version of Dridex is proliferating thanks to an effective phishing campaign. Taking advantage of the approaching annual tax declaration, the organization behind this botnet is sending emails to unsuspecting victims informing them that they have a substantial tax return.
Usually, the email carries an attached Office document with a macro inside that downloads and executes the Dridex binary, effectively infecting the user.
Avoiding an infection via a phishing campaign is quite easy as long as you follow these guidelines:
- When possible, avoid opening emails from an unknown source.
- Avoid opening any kind of attachment if it comes from an unknown source.
- If you are expecting an email from someone who’s not in your contacts, make sure to double-check that they are the one who sent it.
- If by any chance you must download the attachment, send it first to a malware scanner like VirusTotal.
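For mail administrators, the delivery pattern described above (an Office attachment carrying a macro) can be triaged before a message reaches the inbox. The following is an added example, not code from the original post: it parses a raw message and flags attachments that can hold VBA macros. The function names, addresses and sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container

def may_carry_macros(data: bytes) -> bool:
    """Triage check: can this attachment hold VBA macros?"""
    if data.startswith(OLE_MAGIC):
        return True  # legacy binary formats can embed macros; flag conservatively
    if not data.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return True
            # The macro part can be renamed, so also check its declared content type.
            return ("[Content_Types].xml" in names and
                    b"vnd.ms-office.vbaProject" in zf.read("[Content_Types].xml"))
    except zipfile.BadZipFile:
        return False

def risky_attachments(raw_email: bytes) -> list[str]:
    """Return filenames of attachments that may carry macros."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    return [part.get_filename() or "(unnamed)"
            for part in msg.iter_attachments()
            if may_carry_macros(part.get_payload(decode=True) or b"")]

def make_zip(parts: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()

def build_sample() -> bytes:
    """Constructed message: one macro-enabled and one plain document attached."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.test", "user@example.test"
    msg["Subject"] = "Your tax return"
    msg.set_content("Please see the attached document.")
    docs = {"refund.docm": {"word/document.xml": b"", "word/vbaProject.bin": b""},
            "notes.docx": {"word/document.xml": b""}}
    for fname, parts in docs.items():
        msg.add_attachment(make_zip(parts), maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

A flagged attachment is a reason to hold the message for analysis. An unflagged one is not proof that the file is clean, so the scanner step in the list above still applies.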
Happy surfing and remember that stopping this kind of crime begins with safe internet habits!
Threat Intelligence Analyst