Unsafe FTP servers used to distribute the Dridex Trojan
Security experts have discovered spam emails that distribute the Dridex banking Trojan. In principle that is not surprising, since such campaigns are common. This time, however, the way the threat is stored and distributed is different: the attackers appear to be using unsafe FTP servers.
Unsafe FTP servers used to distribute the Dridex Trojan
FTP servers are accessible from the Internet. The main problem is that only a very low percentage of them are adequately protected, so they are vulnerable, and it was to be expected that an attack would occur. That has now happened in this case.
Criminals use FTP servers
As a result, cyber criminals are taking advantage of this poor security to host and distribute threats such as the Dridex Trojan. In general, they seem to be using FTP servers belonging to individual users or small companies, where published files are not usually checked, which makes spreading the malware easier. The distribution method itself holds no surprises: they rely on email. The campaign has already been detected in France, the United Kingdom, Spain and Australia, among other countries. All messages are in English.
A file in Word or XLS format is usually attached, and it contains the malware that ends up infecting the computer. The affected services do not appear to be running the same software, so this does not seem to be a massive security breach of one service. Rather, it is a matter of poor security configuration.
The origin of these Trojan-carrying emails has not yet been found. So far, 9,500 messages sent to users around the world have been detected. So if you run an FTP server, it is worth checking its security.