Malware,Trojan | 11/24/2017

IcedID - New Banking Trojan Virus Target US, UK Banks


IcedID is a banking Trojan first observed in September 2017. It targets banks, payment card providers, mobile service providers, payroll, webmail and e-commerce sites, with victims concentrated in the US, Canada and the UK.

What is IcedID Banking Trojan?

According to the X-Force researchers who first documented it, IcedID has a modular code base with capabilities comparable to mature banking Trojans of recent years, Zeus being the obvious point of comparison. At the time of writing, the malware targets banks, payment card providers, mobile service providers, payroll, webmail and e-commerce sites in the U.S.; two major U.K. banks also appear in the target list the malware fetches.

How does IcedID spread and operate on an infected computer?

Initial analysis shows that IcedID is delivered through the botnet infrastructure of another Trojan, Emotet. Once on a system, it carries out two kinds of attack: redirection and web injection. For its redirection routine, IcedID starts a local proxy listening on port 49157 that intercepts and funnels web traffic, and the captured data is then exfiltrated to the command-and-control (C&C) server. The malware also carries a network propagation module that lets it move not only to other endpoints but to terminal servers as well. Using the Emotet botnet as the delivery point follows the pattern of earlier campaigns in which the same botnet dropped the Dridex Trojan as its payload.


The attack begins when the user goes online and opens a web browser: IcedID then downloads a configuration file listing its targets from the C&C server. It uses web injection against online banking portals and redirection against payment card and webmail sites. The redirection scheme is designed to look legitimate: the browser shows the bank's real URL in the address bar and the bank's correct SSL certificate, because the malware keeps a live connection to the actual banking site open while serving the attacker's page. Any credentials the user enters on that fake page are sent back to the attacker's server.
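Both the local proxy on port 49157 described above and the redirection that rides on it leave the same footprint on the host: a process listening on loopback port 49157, browser processes connected to it, and the listener's own outbound connections to the real sites. The following check is an added example, not code from the article or from the X-Force analysis; it parses constructed `netstat -ano` style lines and a constructed PID-to-image-name map (all sample PIDs, names and addresses are made up), and the only value taken from the page is the port number.

```python
"""Flag a loopback proxy on TCP/49157 and the processes funnelling traffic through it.

Added example, not from the IcedID write-up. Input is Windows `netstat -ano`
style text plus a PID -> image name map; both samples below are constructed.
"""
import re
from collections import defaultdict

SUSPECT_PORT = 49157  # local proxy port reported for IcedID's redirection routine

# Constructed sample of `netstat -ano` output (not a real capture).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:49157        0.0.0.0:0              LISTENING       4120
  TCP    127.0.0.1:49157        127.0.0.1:51002        ESTABLISHED     4120
  TCP    127.0.0.1:51002        127.0.0.1:49157        ESTABLISHED     5588
  TCP    127.0.0.1:51003        127.0.0.1:49157        ESTABLISHED     5588
  TCP    192.168.1.20:51004     93.184.216.34:443      ESTABLISHED     5588
  TCP    192.168.1.20:51010     203.0.113.7:443        ESTABLISHED     4120
"""

# Constructed PID -> image name map (what `tasklist /fo csv` would give); not real.
SAMPLE_PROCS = {912: "svchost.exe", 4120: "updater.exe", 5588: "chrome.exe"}

# One TCP row: local addr:port, foreign addr:port, state, PID. IPv6 rows look
# like "[::1]:49157"; the greedy \S+ backtracks to the last ':' correctly.
LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")


def is_loopback(addr):
    return addr.startswith("127.") or addr == "[::1]"


def parse_netstat(text):
    """Turn netstat text into a list of dicts; header and non-TCP rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        laddr, lport, faddr, fport, state, pid = m.groups()
        rows.append({"laddr": laddr, "lport": int(lport), "faddr": faddr,
                     "fport": int(fport), "state": state, "pid": int(pid)})
    return rows


def find_local_proxy(rows, procs, port=SUSPECT_PORT):
    """Correlate the listener on loopback:port with its clients and its upstream links.

    Returns a dict with:
      listeners: {pid: image}            processes LISTENING on loopback:port
      clients:   {pid: (image, count)}   other processes connected to loopback:port
      upstream:  [(addr, port), ...]     non-loopback connections made by the listener
    """
    listeners = {r["pid"] for r in rows
                 if r["state"] == "LISTENING" and r["lport"] == port and is_loopback(r["laddr"])}
    clients = defaultdict(int)
    upstream = []
    for r in rows:
        if r["state"] != "ESTABLISHED":
            continue
        if is_loopback(r["faddr"]) and r["fport"] == port and r["pid"] not in listeners:
            clients[r["pid"]] += 1
        elif r["pid"] in listeners and not is_loopback(r["faddr"]):
            upstream.append((r["faddr"], r["fport"]))
    return {
        "listeners": {pid: procs.get(pid, "?") for pid in listeners},
        "clients": {pid: (procs.get(pid, "?"), n) for pid, n in clients.items()},
        "upstream": upstream,
    }


if __name__ == "__main__":
    report = find_local_proxy(parse_netstat(SAMPLE_NETSTAT), SAMPLE_PROCS)
    for pid, image in report["listeners"].items():
        print(f"[!] {image} (PID {pid}) listens on 127.0.0.1:{SUSPECT_PORT}")
    for pid, (image, n) in report["clients"].items():
        print(f"    {image} (PID {pid}) has {n} connection(s) into the proxy")
    for addr, port in report["upstream"]:
        print(f"    proxy talks upstream to {addr}:{port}")
```

The interesting signal is the correlation, not the port by itself: a browser with several sockets into a loopback listener owned by an unsigned or unfamiliar image, while that image holds the real TLS connections to the bank, is exactly the shape a redirecting proxy produces. Legitimate software (debugging proxies, some endpoint agents) also opens loopback listeners, so treat a hit as a lead to verify against the listener's binary, not as proof on its own.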

Tips to prevent the IcedID banking Trojan from entering your computer:

1. Enable your pop-up blocker: Pop-ups and ads on websites are a common tactic cybercriminals use to spread malicious programs. Avoid clicking on dubious sites, software offers and pop-ups.

2. Keep Windows updated: Keep your system current through automatic Windows Update. Outdated versions of Windows are an easy target for infections such as this one.

3. Be careful with third-party installers: Avoid freeware download sites, as their installers and stub files often bundle additional software.

4. Back up regularly: Periodic backups keep your data safe if the system is infected by a virus or any other malware. Back up important files regularly to a cloud drive or an external hard drive.

5. Always run an antivirus: Prevention is better than cure. Keep a reputable antivirus product, such as McAfee, or a good malware removal tool installed and up to date.

6. Install a reputable ad blocker for Chrome, Mozilla Firefox and Internet Explorer.
