The DIR Security Operations Team has received intelligence from the Multi-State Information Sharing and Analysis Center (MS-ISAC) on a new variation of the DYRE banking Trojan. Over the past 48 hours, there has been increased activity related to infections resulting from successful DYRE phishing attacks on the some state of Texas shared networks. What is important to note is that the tactic for DYRE Trojan delivery has changed at this time. In the past, DYRE delivered the malicious code as an attachment. The new variation uses emails with malicious links instead. Some samples of subject lines in these emails include:
“Wire transfer receive”
“Complaint against your company”
“Payment Advice – advice Ref:[xxxxxx]/CHAPS credits”
“Company repor” – (note the missing t in “report”)
“Wire transfer complete”
“Important – New Outlook Settings”
“RBS Morning commentary”
“Cards OnLine E-Statement E-Mail Notification”
As always, the best prevention is awareness and thoughtfulness when clicking on links in messages. The best advice is simply to not click on links or open attachments if:
– an email message is from an unknown source
– you are not expecting the email
– the email asks for any personal information.
Question may be directed to the Helpdesk at x.8888.