Analysis by: Joachim Capiral

A new wave of DRIDEX spam has been seen in the wild. Much like its predecessor, this run's spammed messages pose as invoices to lure users into opening the attachment. Once the attachment is opened, the malicious code embedded in the document file executes.

DRIDEX is an online banking malware that leverages macros in Microsoft Office to infect systems. Once a system has been infected, attackers can gather banking credentials and other personal information on the system, causing financial loss to users.

Users are strongly advised to be wary when opening email messages and their file attachments. It is better to first verify the legitimacy of an email, even when it comes from a seemingly legitimate source.

 SPAM BLOCKING DATE / TIME: February 17, 2016 GMT-8
 TMASE INFO
  • ENGINE:8.0
  • PATTERN:2138