Email Scam Uncovered Involving DRIDEX Malware

A new DRIDEX email scam campaign has been identified that has resulted in an angry response from Swedish furniture retailer Ikea. The hackers to blame for the malware have targeted Ikea customers by sending fake emails asking them to open a DRIDEX-infected email attachment. It is thought that hundreds of thousands of emails have been sent in the past few days.

As is usually the case with spam emails, users are not specifically targeted. The hacker rely on volume for success. This is why targeting a retailer the size of Ikea is particularly desirable. The potential for an email landing in the inbox of a customer is relatively high in Europe.

What is most worrying about this campaign is the fact the emails look authentic. They include an attachment which appears to be a purchase receipt issued  by IKEA. The receipt looks identical to one supplied by the store.

IKEA is worried that the spam emails will impact the company’s reputation, even though there is nothing the company could have done to stop the campaign. The guidance provided is not to click on any attachments in emails that appear to have been sent by the furniture retailer.

DRIDEX Malware Features

DRIDEX is a dangerous malware designed to obtain online banking login names and passwords and is a new variant of CRIDEX: A known variety of malware with a worm and Trojan variant (W32.Cridex and Trojan.Cridex). The new form of the Cridex malware tries to complete its aim using HTML injection. This is a technique used by hackers to utilize code to exploit vulnerabilities in popular applications such as Java or ActiveX. HTML injection changes page content.

This hacking method of attack as the user is tricked into thinking a site being visited can be trusted, as the page has a trusted domain. When the user enters a login name and password, these are then forwarded to the hacker. In this scenario, the user would share their bank logins and passwords, which would then be used to make fraudulent financial transfers to a hacker’s account.

Email scams likes these on the rise and users can easily be fooled into installing malware. DRIDEX appears to be primarily sent by spam email attachments.

AS new malware is constantly being devised and broadcast with increasing regularity, all email users should also be shown how to spot potential phishing emails as a failsafe to ensure. This will help to make sure they do not become another email hacking, or inadvertently compromise their employer’s databases.

Link copied to clipboard
Photo of author

Posted by

Elizabeth Hernandez

Elizabeth Hernandez is a news writer on Defensorum. Elizabeth is an experienced journalist who has worked on many publications for several years. Elizabeth writers about compliance and the related areas of IT security breaches. Elizabeth's has a focus data privacy and secure handling of personal information. Elizabeth has a postgraduate degree in journalism. Elizabeth Hernandez is the editor of HIPAAZone. https://twitter.com/ElizabethHzone