HP Security Products Blog
From applications to infrastructure, enterprises and governments alike face a constant barrage of digital attacks designed to steal data, cripple networks, damage brands, and serve a host of other malicious ends. HP Enterprise Security Products offers products and services that help organizations meet the security demands of a rapidly changing and more dangerous world. HP ESP enables businesses and institutions to take a proactive approach to security that integrates information correlation, deep application analysis and network-level defense mechanisms—unifying the components of a complete security program and reducing risk across your enterprise. In this blog, we will announce the latest offerings from HP ESP, discuss current trends in vulnerability research and technology, reveal new HP ESP security initiatives and promote our upcoming appearances and speaking engagements.

"Dyre" times for online banking customers, unless you’re an HP TippingPoint customer

There’s a new banking trojan on the scene, and it’s targeting major online banking services—exploiting network security everywhere. Dyreza (or Dyre) uses browser hooking—a technique that allows the trojan to intercept sensitive web traffic prior to encryption—to perform a man-in-the-middle (MITM) attack, evading SSL and gathering banking credentials. What does this mean in plain English? Dyre can steal your confidential information and cause mayhem on your accounts if you bank online.

Dyreza is mainly delivered through spam campaigns, and the primary targets appear to be customers of specific banks in the UK and US. The malware does not go to work until the user accesses one of four specific financial institutions. The organizations currently affected are:

  • Bank of America (North America)
  • Ulster Bank (Ireland)
  • Royal Bank of Scotland (Scotland)
  • National Westminster Bank (United Kingdom)

Before a user's credentials are submitted to the financial institution, a copy of the information is sent to an attacker-controlled server in clear text…and chaos ensues.
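The cleartext copy described above leaves a trace a web proxy can see. The following is an added detection sketch, not code from HP DVLabs and not the logic of any TippingPoint filter: it flags a plaintext HTTP POST to a host that is not allow-listed when the same client opened a TLS session to a watched banking host shortly before. The log format, host names, allow-list and time window are all assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed proxy log: timestamp, client, method, host, request-body bytes.
# CONNECT marks a TLS tunnel; POST lines are cleartext HTTP seen by the proxy.
SAMPLE_LOG = """\
2014-07-02T09:14:03 10.0.0.21 CONNECT online.bank.example:443 0
2014-07-02T09:14:19 10.0.0.21 POST 203.0.113.50 412
2014-07-02T09:20:41 10.0.0.34 POST intranet.corp.example 220
2014-07-02T09:31:07 10.0.0.34 CONNECT online.bank.example:443 0
2014-07-02T09:31:30 10.0.0.34 POST intranet.corp.example 90
2014-07-02T09:45:00 10.0.0.34 POST 198.51.100.7 150
"""

WATCHED = {"online.bank.example"}        # placeholder for monitored banking hosts
KNOWN_GOOD = {"intranet.corp.example"}   # placeholder allow-list of cleartext POST targets
WINDOW = timedelta(seconds=120)          # assumed correlation window


def parse(line):
    """Split one log line into typed fields, dropping any :port suffix."""
    ts, client, method, host, size = line.split()
    return datetime.fromisoformat(ts), client, method, host.split(":")[0], int(size)


def find_suspect_posts(log_text):
    """Return (client, host, time) for cleartext POSTs that follow a banking session.

    Assumes log lines are in chronological order.
    """
    last_bank_visit = {}   # client -> time of most recent CONNECT to a watched host
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, method, host, size = parse(line)
        if method == "CONNECT" and host in WATCHED:
            last_bank_visit[client] = ts
        elif method == "POST" and host not in KNOWN_GOOD and size > 0:
            seen = last_bank_visit.get(client)
            if seen is not None and timedelta(0) <= ts - seen <= WINDOW:
                alerts.append((client, host, ts.isoformat()))
    return alerts


if __name__ == "__main__":
    for alert in find_suspect_posts(SAMPLE_LOG):
        print("cleartext POST during banking session:", alert)
```

A hit is a lead for triage rather than proof of infection, since legitimate pages also make cleartext POSTs; tuning the allow-list and window to the environment controls the noise.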

Interested in the nitty-gritty details of how this trojan works? Check out the “Dyre Times for Online Banking Customers” blog, where Mat Powell, Security Researcher for HP DVLabs, details what happened when he visited the Bank of America website and entered a bogus user ID. Hint: Total shenanigans.

So, here’s the big question: What can you do to protect yourself against this threat? Well, if you’re an HP TippingPoint customer, you can breathe easy.

We know that every second matters, so our HP TippingPoint DVLabs has you covered. HP TippingPoint customers can enable Filter 16441 HTTP: Dyre Malware Communication Attempt. This filter was created by the DVLabs team and shipped on July 1st, 2014 on DV8575. The mainline DV will be updated on July 29th and customers looking to proactively deploy the updated filter can request a custom CSW. And with the HP TippingPoint Next-Generation Intrusion Prevention System (IPS), and our next-generation firewall, your information is safe.

Interested in learning more about how HP TippingPoint protects your information? Join us at HP Protect, September 8-11, in Washington DC! 

HP TippingPoint Network Security solutions

When every second matters, HP TippingPoint delivers industry-leading security intelligence powered by HP TippingPoint DVLabs—keeping you ahead of the threats. With simple, reliable and effective products including TippingPoint Next-Generation Intrusion Prevention System (IPS), TippingPoint Next-Generation Firewall (NGFW), and the TippingPoint Security Management System, we are on your side, delivering proactive network security protection. Learn more about how HP TippingPoint can help you with your network security solutions.

Labels: DVLabs | TippingPoint