Account Compromise Warning Email Comes with DRIDEX Attachment

Analysis by: Cedrick Ramos

An email that poses as a notification of a possible account compromise carries an attachment that is detected as DRIDEX malware. To convince users to open the attachment, it tells recipients that the attachment contains further details of the unusual account behavior. Opening the attachment executes the macro-based DRIDEX malware, detected as W2KM_DRIDEX.YVD, which then downloads an information-stealing malware detected as TSPY_DRIDEX.YVD, further compromising the affected system.

Trend Micro product users are protected from this spam and from the execution of the malware attached to it. We highly recommend not opening email attachments unless they come from an expected sender.
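The delivery chain described above starts with a macro-carrying Office attachment, so a mail gateway can stop it before a user ever sees the lure. The following is an added example (not Trend Micro's code or a component of any Trend Micro product) of a triage check that parses an inbound message, inspects each attachment, and flags documents that can carry VBA: OOXML packages that contain a `vbaProject.bin` part, legacy OLE files whose directory names a VBA project (a heuristic string scan, labelled as such), and otherwise macro-enabled or legacy Office extensions. The sample message, sender addresses, file name and the dummy `vbaProject.bin` content are all constructed for the example and are not a real malware sample.

```python
"""Flag inbound e-mail attachments that can carry VBA macros.

Added example for illustration only; the sample message below is constructed
and contains no real macro or malware.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Office formats that are macro-enabled by design (assumption: the gateway
# treats these as always suspicious in inbound mail).
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm"}
# Legacy binary formats that may embed a VBA project without a telltale extension.
LEGACY_EXTENSIONS = {".doc", ".dot", ".xls", ".xlt", ".ppt"}
# Compound File Binary (OLE2) signature.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def has_ooxml_vba(data: bytes) -> bool:
    """True if an OOXML (zip-based) package ships a vbaProject.bin part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def has_ole_vba(data: bytes) -> bool:
    """Heuristic: legacy OLE container whose directory names a VBA project.

    OLE directory entry names are stored as UTF-16LE; this scans the raw bytes
    for the usual stream/storage names instead of parsing the directory
    (assumption: good enough for triage, a full parser would be more precise).
    """
    if not data.startswith(OLE_MAGIC):
        return False
    markers = ("_VBA_PROJECT", "Macros")
    return any(m.encode("utf-16-le") in data for m in markers)


def suspicious_attachments(raw: bytes) -> list:
    """Return (filename, reason) for every attachment that can carry macros."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
        payload = part.get_payload(decode=True) or b""
        # Content checks come first: a renamed .docm still contains vbaProject.bin.
        if has_ooxml_vba(payload):
            findings.append((name, "OOXML package contains vbaProject.bin"))
        elif has_ole_vba(payload):
            findings.append((name, "OLE document contains a VBA project"))
        elif ext in MACRO_EXTENSIONS:
            findings.append((name, "macro-enabled extension"))
        elif ext in LEGACY_EXTENSIONS:
            findings.append((name, "legacy binary Office format (may embed VBA)"))
    return findings


def build_sample_message() -> bytes:
    """Constructed sample resembling the lure: an account-compromise notice
    carrying a .docm whose zip holds a placeholder vbaProject.bin part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00placeholder\x00")  # stands in for a VBA project
    msg = EmailMessage()
    msg["From"] = "security-alert@example.invalid"   # constructed sender
    msg["To"] = "user@example.invalid"               # constructed recipient
    msg["Subject"] = "Unusual activity detected on your account"
    msg.set_content("We noticed unusual behaviour on your account. Details are attached.")
    msg.add_attachment(buf.getvalue(),
                       maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="AccountDetails.docm")
    msg.add_attachment("Plain text, nothing to see.", filename="readme.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for fname, reason in suspicious_attachments(build_sample_message()):
        print(f"QUARANTINE {fname}: {reason}")
```

Running the script reports the `.docm` attachment and leaves the text attachment alone. The content checks run before the extension checks on purpose: an attacker can rename a macro document to a benign-looking extension, but the `vbaProject.bin` part or the OLE VBA storage is still inside the file, so a gateway should look at the bytes rather than trust the name.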

SPAM BLOCKING DATE / TIME: May 24, 2016 GMT-8
TMASE INFO
 • ENGINE: 8.0
 • PATTERN: 2344

Related Malware