
Dorifel trojan spreading out from the Netherlands

FireEye : 20 August, 2012  (Technical Article)
Originally targeting public companies in Holland, Dorifel is now spreading beyond its intended victims into other parts of Europe
The Dorifel malware (aka XDocCrypt) has infected over 3,500 computers via malicious email attachments and infected USBs, and is continuing to spread across Europe and around the world.  The virus has primarily been targeted at public sector organisations in the Netherlands with many government departments and hospitals falling victim.
 
Once machines are infected with Dorifel, the Hermes Trojan is silently downloaded, bypassing signature-based security layers, in order to steal banking information.
 
James Todd, technical lead for FireEye, has made the following comments:
 
“The recent outbreaks of Dorifel malware have highlighted how difficult it is for best-of-breed Antivirus and Intrusion Detection systems to detect sophisticated and targeted attacks of this sort.  Many of these security solutions monitor for known threats against existing signatures – and despite constant rule tweaking and IP blocklists, the security gap continues to remain wide open to advanced targeted attacks.
 
“Dorifel is a highly disguised file obfuscator/encryptor, seemingly for ransom purposes or perhaps just a distraction while Hermes steals financial information.  This highly targeted attack is continuing to spread and it needs to serve as a wakeup call to warn companies of how their existing security solutions are not capable of protecting against these kinds of advanced attacks.  By detecting suspicious activity on the network before damage is done, organisations can protect themselves from unknown threats before data theft or widespread infections take place.”
   © 2012 ProSecurityZone.com