Today we will have a closer look at Dyreza, a new banker Trojan able to bypass SSL. Dyreza is able to hook several browsers (Internet Explorer, Chrome and Firefox) and intercept the traffic flow between the victim's computer and the requested website.
Researchers decided to name the threat Dyreza or Dyre due to compilation leftovers. Dyreza runs on 32-bit and 64-bit platforms. The malicious code is stored in 2 distinct resources named payload64 and payload32.
Currently Dyreza targets Bank of America, Citibank, NatWest, RBS and Ulster Bank. The malware intercepts requests made by the browser and sends the data in the CLEAR to the cyber criminals before the data is sent to the financial institution over an SSL-encrypted connection.
More here: http://stopmalvertising.com/malware-reports/introduction-to-dyreza-the-banker-that-bypasses-ssl.html