
Cyren Security Blog


UPDATE: CYREN Continues to Analyze Significant Malware Attack

For the last 24 hours, CYREN’s Virus Outbreak Detection (VOD) has been monitoring a significant malware attack, with over 80% of all malware passing through the CYREN VOD system containing this Trojan virus with obfuscated Visual Basic macro code. As we delve more deeply into our analysis of the virus, we are learning more.

The downloaded executable file DCITXEKBIRG.EXE is a malicious Trojan/Downloader and a variant of the “Cridex” family. Cridex is a known family of botnets that steals users’ personal information, such as their banking user names and passwords, as well as personal details from social networking websites. It does this by monitoring the user’s keystrokes, particularly on financial or banking websites, and sending that data to the C&C server.

Once executed, it will drop a copy of itself to:

“%userprofile%/Local Settings/Application Data/edg4.exe”

It creates the following registry key (value name “Trace Level”):

HKLM\SOFTWARE\Microsoft\ESENT\Process\<filename>\DEBUG

While running, the virus attempts to connect to its C&C server; once a connection has been established, it waits for further instructions from the server. The server usually sends the infected machine a configuration file containing further instructions such as downloading and installing other malicious files.

This particular variant tried to connect to IP address 178.254.57.146, which hosts the C&C server.
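As an added example that is not part of the Cyren post, the following Python matcher flags host events against the three indicators described above (dropped file path, ESENT registry key, C&C address). The event dictionary format, the sample events and the backslash-separated form of the paths are assumptions made for the example.

```python
import re

# Indicators taken from the post. %userprofile% and <filename> are placeholders,
# expanded into wildcards below. Backslash separators are assumed.
DROPPED_FILE = r"%userprofile%\Local Settings\Application Data\edg4.exe"
REGISTRY_KEY = r"HKLM\SOFTWARE\Microsoft\ESENT\Process\<filename>\DEBUG"
C2_IP = "178.254.57.146"


def _to_regex(template: str) -> re.Pattern:
    """Turn an indicator template into a case-insensitive, fully anchored regex.
    %userprofile% matches any prefix; <filename> matches one path component."""
    parts = re.split(r"(%userprofile%|<filename>)", template, flags=re.I)
    out = []
    for part in parts:
        if part.lower() == "%userprofile%":
            out.append(r".*")
        elif part.lower() == "<filename>":
            out.append(r"[^\\]+")
        else:
            out.append(re.escape(part))
    return re.compile("^" + "".join(out) + "$", re.I)


# indicator name -> (event type, field to inspect, compiled pattern)
INDICATORS = {
    "cridex_dropped_copy": ("file_create", "path", _to_regex(DROPPED_FILE)),
    "cridex_esent_debug_key": ("reg_set", "key", _to_regex(REGISTRY_KEY)),
    "cridex_c2_ip": ("net_connect", "dst", re.compile(re.escape(C2_IP) + "$")),
}


def match_indicators(events):
    """Return (event index, indicator name) for every event that matches.
    Forward slashes in paths are normalised so either separator is accepted."""
    hits = []
    for i, ev in enumerate(events):
        for name, (etype, field, pattern) in INDICATORS.items():
            value = str(ev.get(field, "")).replace("/", "\\")
            if ev.get("type") == etype and pattern.match(value):
                hits.append((i, name))
    return hits


# Constructed sample events (not real telemetry); 192.0.2.10 is a TEST-NET address.
SAMPLE_EVENTS = [
    {"type": "file_create", "path": r"C:\Documents and Settings\alice\Local Settings\Application Data\edg4.exe"},
    {"type": "reg_set", "key": r"HKLM\SOFTWARE\Microsoft\ESENT\Process\DCITXEKBIRG.EXE\DEBUG", "value": "Trace Level"},
    {"type": "net_connect", "dst": "178.254.57.146", "dport": 80},
    {"type": "file_create", "path": r"C:\Windows\System32\notepad.exe"},
    {"type": "net_connect", "dst": "192.0.2.10", "dport": 443},
]

if __name__ == "__main__":
    for idx, name in match_indicators(SAMPLE_EVENTS):
        print(f"event {idx}: {name}")
```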

Additional details on this story can be found in our previous blog article: CYREN First To Detect Significant Malware Attack
