Dyre/Dyreza Trojan

Dyre/Dyreza Trojan Description

The Dyreza Trojan is a banker Trojan that is used to take money and login credentials from the victims' bank accounts. One of the reasons why the Dyreza Trojan became interesting to PC security analysts is because the Dyreza Trojan can bypass the SSL mechanism, undermining this basic online security protection measure. The Dyreza Trojan may collect the financial credentials and then send them to the attacker in a remote location in plain text. The Dyreza Trojan also has RAT (Remote Access Trojan) capabilities, letting outsiders control the affected computer from a remote location. The Dyreza Trojan allows ill-minded persons to intercept encrypted traffic by routing the connection through domains belonging to the attackers.

The Dyreza Trojan may Cause Serious Damage to a Computer User's Finances

The Dyreza Trojan, also known as Dyre, uses a method known as browser hooking to interrupt online traffic and route it directly to servers that are controlled by the attackers. Using browser hooking, people may collect information without the victim being aware that the data is being tracked on or intercepted. On the side of the victim, the session seems to continue uninterrupted through HTTPS, despite being routed to a third party automatically. As soon as the Dyreza Trojan infects a computer, the Dyreza Trojan establishes a connection with various IP addresses and requests access to a 'publickey' directory, whose purpose is currently unknown. The Dyreza Trojan uses the established connection to receive commands from the remote server and to relay information about the infected computer's settings and operating system.

Using the Dyreza Trojan, third parties may capture traffic from the affected Web browser. Every time the victim carries out a task on the affected Web browser, the Dyreza Trojan sends the information to the attacker as well, allowing other persons to gain access to data or command the infected PC from an outside location. Through the use of the Dyreza Trojan, other people may see when the victim enters a secure address or password in plain text, with the main target of these attacks being online banking and financial websites. The true danger of the Dyreza Trojan is that the victim is never aware that their information is being intercepted.

Aliases: Win32/Trojan.Multi.daf, Trojan.Win32.Staser.ajY, Crypt3.BWFI [AVG], W32/Upatre.HN!tr [Fortinet], Trojan.Inject [Ikarus], Trj/Genetic.gen [Panda], Virus.Win32.Heur.c, Trojan/Win32.Waski [AhnLab-V3], PWS:Win32/Dyzap [Microsoft], TR/Crypt.EPACK.31560, Troj/Dyreza-BD [Sophos], BehavesLike.Win32.Backdoor.gc [McAfee-GW-Edition], Trojan.DyrezaKD.2119346 (B), Trojan.Win32.Staser.gv [Kaspersky] and TSPY_DYRE.NE.

Technical Information

File System Details

Dyre/Dyreza Trojan creates the following file(s):
# File Name Size MD5 Detection Count
1 %WINDIR%smAyGCtgdvpVECw.exe 421,376 97388a31e2e36b2bef2984e40e23f2f1 5
2 %WINDIR%UVbvibqIfsBOGcD.exe 545,792 b25cafa85213d906bee856a841dbae02 1

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.


HTML is not allowed.