Dyre Trojan, knows also as Dyreza, has been one of the most effective financial viruses during the past years. However, presently the threat is not active anymore.
To be precise, the email campaigns which were distributing Dyre ceased in November, 2015, and they haven’t been resumed since then. The abrupt drop has been noticed by many information security companies, however, the reason behind it remained unknown.
The security reports, though unconfirmed by official channels, announced that last November the Russian authorities swooped down on the Moscow film distribution and production company 25th Floor and raided their offices. That occurrence was followed by the above-mentioned drop, however, it’s still unconfirmed whether these two things are related.
According to the Russian Interior Ministry’s cybercrime unit, they weren’t involved in the raid. Russia’s intelligence service FSB declined to comment and so did Nikolay Volchkov, the CEO of 25th Floor.
Yet, what is intriguing here is that during that time, this company was involved in producing a film called “Botnet,” which followed a real-life-event, and has called in Group-IB, a Moscow-based computer security company, to advise on the technical details.
Dyre Trojan came out in 2014, and has fast become one of the most widespread banking malware around, which even surpassed the infamous Zeus Trojan. The developers of Dyre kept pace with technological advances, and continually increased the number of financial institutions whose customers it was able to target.
Due to the fact that Dyre Trojan didn’t target Russian customers and the ones in the former Soviet Union, we can conclude that the hackers behind the malware are most probably Russians. Having in mind that Russian law enforcement doesn’t get involved in takedowns of cyber crime gangs unless there are Russian victims, it’s no wonder that they acted now.
“Unless all of the key figures are arrested and major infrastructure seized, cybercrime groups can quickly rebuild their operations in the aftermath of a law enforcement swoop,” said the Symantec researcher Dick O’Brien.
“For example, an October 2015 operation against Dridex, one of the other major financial fraud Trojans currently in operation, appears to have had a limited impact on its operations. While one man was charged and thousands of compromised computers were sinkholed, the rate of Dridex infections did not abate following the takedown.”
“Early indications are that the operation against Dyre has been quite successful, with no sign of the group attempting to re-establish itself. Whether the threat will disappear entirely will become apparent in the coming months,” he added.
Despite the fact that Dyre’s source code has been leaked, Dr. Web claims that Dyre still poses a threat as some servers of its infrastructure are still active.