Cyren Security Blog

UPDATE: CYREN Continues to Analyze Significant Malware Attack

For the last 24 hours, CYREN’s Virus Outbreak Detection (VOD) has been monitoring a significant malware attack, with over 80% of all malware passing through the CYREN VOD system containing this Trojan virus with obfuscated Visual Basic macro code. As we delve more deeply into our analysis of the virus, we are learning more.

The downloaded executable file DCITXEKBIRG.EXE is a malicious Trojan/Downloader and a variant of the “Cridex” family. Cridex is a known family of botnets that can steal users’ personal information, such as their banking user names and passwords, as well as their personal info from social networking websites. It does this by monitoring the user’s keystroke activity, particularly on financial or banking websites, and sending that data to the C&C server.

Once executed, it will drop a copy of itself to:

“%userprofile%/Local Settings/Application Data/edg4.exe”

It creates the following registry keys:

HKLM\SOFTWARE\Microsoft\ESENT\Process\<filename>\DEBUG = “ Trace Level”
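
The dropped copy and the registry key described above can be correlated per host in endpoint telemetry. The following Python is an added example, not code from Cyren: the event schema (`host`, `type`, `target`), the sample events, and the assumption that `<filename>` is the dropped executable's name without its extension are all constructed for illustration. It generalizes from `edg4.exe` to any executable written directly into that directory.

```python
import json
import re
from collections import defaultdict

# Artifacts from the post, matched case-insensitively with backslash separators.
DROP_DIR = re.compile(r"\\local settings\\application data\\([^\\]+\.exe)$", re.I)
ESENT_KEY = re.compile(
    r"^hklm\\software\\microsoft\\esent\\process\\([^\\]+)\\debug(\\|$)", re.I)

# Constructed sample events; the JSON schema (host/type/target) is hypothetical.
SAMPLE_EVENTS = r"""
{"host": "ws-01", "type": "file_create", "target": "C:\\Documents and Settings\\amy\\Local Settings\\Application Data\\edg4.exe"}
{"host": "ws-01", "type": "reg_set", "target": "HKLM\\SOFTWARE\\Microsoft\\ESENT\\Process\\edg4\\DEBUG\\Trace Level"}
{"host": "ws-02", "type": "reg_set", "target": "HKLM\\SOFTWARE\\Microsoft\\ESENT\\Process\\svchost\\DEBUG\\Trace Level"}
{"host": "ws-03", "type": "file_create", "target": "C:/Documents and Settings/bob/Local Settings/Application Data/edg4.exe"}
"""

def stem(name):
    """Lower-cased file name without a trailing .exe."""
    name = name.lower()
    return name[:-4] if name.endswith(".exe") else name

def triage(lines):
    """Return {host: 'alert' | 'review'} for hosts with a matching dropped file."""
    dropped, esent = defaultdict(set), defaultdict(set)
    for line in filter(None, map(str.strip, lines)):
        ev = json.loads(line)
        target = ev["target"].replace("/", "\\")  # accept either separator
        if ev["type"] == "file_create":
            m = DROP_DIR.search(target)
            if m:
                dropped[ev["host"]].add(stem(m.group(1)))
        elif ev["type"] == "reg_set":
            m = ESENT_KEY.match(target)
            if m:
                esent[ev["host"]].add(stem(m.group(1)))
    # Assumption: the registry key alone is too weak to flag a host, so it only
    # raises severity when its <filename> matches an executable dropped there.
    return {host: "alert" if names & esent[host] else "review"
            for host, names in dropped.items()}

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_EVENTS.splitlines()).items()):
        print(host, verdict)
```
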

While running, the virus attempts to connect to its C&C server; once a connection has been established, it waits for further instructions from the server. The server usually sends the infected machine a configuration file containing further instructions such as downloading and installing other malicious files.

This particular variant tried to connect to IP address where the C&C server is being hosted.

Additional details on this story can be found in our previous blog article: CYREN First To Detect Significant Malware Attack
