Dridex virus: Ten things you need to know
Security experts are warning Brits to be wary of a virus thought to have infected thousands of UK computers.
The Dridex malicious software (malware) - also known as Bugat and Cridex - allows criminals to access victims' online banking details, and has been held responsible for £20 million of fraud from British bank accounts.
Here are ten things you need to know about the virus:
1. It currently affects Windows devices
This particular malware targets Microsoft's Windows operating systems. As a result, if you have another operating system such as Mac OS X or Chrome OS you should be OK, says internet security expert Graham Cluley.
However, the National Crime Agency (NCA) warns that, as cyber criminals are constantly coming up with new ways to hack their victims, people using all forms of electronic devices should remain wary.
2. It is spread through infected emails
Dridex is a virus sent by email, often in the form of "boobytrapped" Microsoft Office documents such as Word or Excel.
As a result, the NCA warns people to be wary of emails from people or organisations they do not recognise, and in particular to avoid opening links and attachments.
3. You should be particularly wary of macros
If you do open a link in one of these emails, that does not necessarily mean your computer will be infected straight away - the malware often requires users to enable macros for the infection to take place, says Graham Cluley.
Macros are tools in Word and Excel that allow you to automate simple, repetitive tasks. Cluley recommends that you "always be very wary" of using them in documents sent from other sources.
4. Infecting your computer can allow hackers to steal your money
Once your computer has been infected with Dridex, the malware effectively has control over large parts of the way it operates.
It will then lie on the computer, looking for logins to services such as online banking and even social media accounts. It will add your computer to the "botnet" network, allowing criminals to communicate with it.
5. Buying a quality anti-virus is important...
Security experts agree that the best way to avoid being hacked, aside from being vigilant, is to use quality anti-virus software to protect your PC, and to keep it up-to-date.
The NCA provides a list of links to anti-virus software providers.
6. ... but some forms of the malware can beat anti-virus software
However, as Forbes security and privacy reporter Thomas Fox-Brewster told ITV News, cyber criminals are adept at "tweaking their malware to get past anti-virus software", often requiring only a few changes to the code to do so.
"There are lots of different kinds of the same malware," he said. "Some will get past [anti-virus software], some won't."
7. Be careful about which banking apps you use
Cluley recommends that consumers use legitimate banking apps on their smartphones, as "some Dridex attacks attempted to steal security codes as they were sent via SMS to banking users' mobiles".
8. Who to tell if you've been affected
If you think your computer has been infected by malware, one of the first things to do is find another computer and change all your passwords, Cluley told ITV News.
And if you suspect you have been a victim of fraud, contact Action Fraud and your bank as soon as you can.
9. Your rights if you get scammed
If you have been a victim of bank fraud as a result of malware, it is likely that your bank will agree to refund you while authorities attempt to retrace the stolen money.
The British Banking Association says banks can only refuse to refund a customer if he or she has acted "fraudulently" or has been "grossly negligent". Those who are refused can complain to the Financial Ombudsman Service.
10. This kind of crime is likely to come back in another form
Those behind Dridex are said to call themselves Evil Corp, and are part of a "vast Eastern European criminal network", says Fox-Brewster.
With just one arrest made so far, it's likely that those at large will simply "set up another money-making machine", he says.
Fox-Brewster adds that, as UK and US law enforcers have "typically had a hard time" getting criminals in the region to face charges, and because international co-operation with countries such as Russia and China remains "tricky", this major network of cyber attackers is unlikely to be stopped any time soon.