By Domesticus in Trojans

Dorifel is a dangerous malware attack that has been associated with banking Trojans such as Zeus or Zbot. Currently, Dorifel attacks have been centered in the Netherlands and have infected thousands of business computers. As this infection starts to cross borders and invade other computers throughout Europe, PC security researchers have worried that Dorifel is actually part of a larger attack campaign. This attack is designed to steal banking information and then relay it to a third party using an unauthorized back door. Dorifel is distributed via phishing email messages that use an embedded link to direct victims to an attack website. If you have been exposed to suspicious email messages, it is important to scan your computer for threats such as Dorifel.

Dorifel's Puzzling Behavior

One of the main tactics that ransomware infections use is encrypting files on the victim's computer and then demanding a ransom from the computer user in order to return control of the encrypted files. Dorifel has displayed some puzzling behavior due to a secondary component in this malware threat. While Dorifel's main component attempts to steal sensitive banking data, a secondary component is tasked with encrypting data on the victim's computer. Like many ransomware threats, this component encrypts files both on the infected machine and in folders and on drives shared over the infected computer's network. Unlike a ransomware infection, however, Dorifel's secondary component has not shown signs of demanding a ransom payment in order to decrypt the encrypted files.

Understanding Dorifel

PC security analysts suspect that the criminals behind the Dorifel attacks are also responsible for a large number of other online scams. Servers associated with Dorifel also seem to host various other dangerous malware threats and huge amounts of stolen financial and personal data. Among this stolen data, researchers found credit card numbers, names and other personal information belonging to the victims of these attacks. Although it is possible to consider Dorifel a ransomware attack, a ransomware attack without a ransom or a ransom note really doesn't make sense. ESG security researchers suspect that Dorifel is actually used in conjunction with the Zeus Trojan and the Citadel Trojan in order to increase the size of botnets by spreading via shared files and drives. Dorifel also seems to include downloading components that allow it to fetch the Citadel Trojan from a remote server in order to carry out its task of stealing banking information.
