It has been discovered that an updated Dridex banking malware is using a Domain Name System trick to direct victims to fake banking websites. Even if a user types in the correct domain name for a bank, the fake website is still shown in the browser.
Tim Erlin, Director of IT Security and Risk Strategy for Tripwire says, “We implicitly trust that the address we type into the browser is the website we get, but DNS redirection exploits that trust. There are, in fact, multiple systems involved in turning that web address into an actual destination for your requests. The best way to prevent this kind of attack is to avoid the initial malware infection. While the malware itself may be advanced, the initial infection occurs via simple phishing.”