Dridex is a pretty nasty piece of malware. If you work at a banking institution in Europe, you might one day get an email with an Excel or Word attachment, indicating that it’s an invoice for services rendered. This document is a trap! More specifically, it’s a RAT–a Remote Access Trojan that allows a third party to upload and download files, run programs, see everything you’re doing on the internet, use your computer to commit crimes against others, and steal all of your most precious data. Recently, hackers have added a new capability. When victims click on a malicious link, they’re now… given a free copy of Avira antivirus?
Yes, in a hilarious turnabout, it appears that the would-be dupes of the scammers distributing this malware are now being freely given a copy of the very program that would protect them from evil. No, some criminal with a heart of gold hasn’t decided to turn legit. Rather, it appears as though some anonymous do-gooder (a ‘white hat’ in industry terms) has hacked the Dridex distribution servers. Avira itself actually doesn’t have any idea what’s going on.
Ironically, since hacking in and of itself is illegal in most countries, the act of hacking the Dridex servers could potentially be seen as about as non-criminal as robbing a drug dealer. Another potentially saddening possibility is that the perpetrators of Dridex did this themselves. From Avira: “Cybercriminals [might be] doing this to somehow upset Avira’s and other AV companies’ detection process,” which is largely automated. Another possibility is slightly frightening: when two malware programs are installed on the same computer, problems arise. The computer slows down, two criminals are stealing the same data (making it less valuable), and there’s a higher chance of malicious activity getting noticed. Thus, some distributors have been known to deliberately include AV packages within their malware in order to clean out the competition.
Whichever way you slice it, however, if the crooks behind Dridex did intend to distribute Avira, they did so in a way that was counterproductive, at best. Thus, it’s finally okay to laugh at some cybersecurity news, as opposed to hiding under your desk.