Cidrex

By LoneStar in Trojans

The Cidrex Trojan can open email accounts on Yahoo Mail, solving CAPTCHA tests in order to obtain these accounts. Criminals have found ways around this supposedly effective test to determine a user's identity by means of CAPTCHA cracking servers, which use databases and various tactics to crack CAPTCHA tests. This gives malware in the Cidrex family the dangerous capability to use the infected computer to open and register online mail accounts, which cybercriminals can then use to further spread malware and send out scam emails.

Cidrex is typically spread through scam emails containing an embedded malicious link. This link leads the victim to an attack website that, using the Black Hole exploit kit, can quickly infect the victim's system with Cidrex. These attacks have become more prevalent since the Black Hole exploit kit was made publicly available through various obscure file-sharing communities. Malware analysts have demonstrated that various versions of Cidrex can crack a CAPTCHA in only a few steps, often needing as few as five tries before successfully creating a Yahoo mail account. ESG security researchers have also found that Cidrex targets Facebook and Twitter accounts, as well as online accounts for the most popular banks.

How Criminals Use Cidrex to Send out Spam Email

ESG malware analysts have reported that Cidrex will often include a backdoor component that allows criminals to install malware that takes advantage of the registered Yahoo accounts, using the infected computer system to send out spam email. Similar procedures have been detected for Facebook and Twitter accounts. Basically, a computer system infected with malware belonging to the Cidrex family becomes a hub for infection: the infected computer is forced to send out malicious email and social media messages containing components of Cidrex or links leading to attack websites designed to infect computers with Cidrex. This increases Cidrex's effectiveness exponentially, since Cidrex can quickly spread to a large number of computer systems, which statistically gives Cidrex an advantage when trying to obtain banking data in order to steal its victims' money. Criminals use Cidrex to attack their victims on multiple fronts: targeting their online accounts, stealing their banking data and using their computers to further spread Cidrex and other malware.
