Article ID: 200417252

Protection from Dridex malware with iQ.Suite

Tags:  IBM Domino  Microsoft Exchange  Microsoft SMTP  Convert  Watchdog

Problem

A new wave of Trojan attacks is underway: Dridex malware is being distributed via manipulated documents that exploit a vulnerability in the way Microsoft Word handles the Rich Text Format (RTF).

Details:

A manipulated Word file, which carries a ".doc" extension but actually has the internal structure of an RTF file, has begun infiltrating computer systems. When the file is opened, a .hta file is downloaded and executed without the user noticing. This file is a so-called "HTML application" and runs with the privileges of the logged-on user. The HTML application then executes further code on the vulnerable system (for example, Visual Basic Script code).

After the manipulated Word file has been opened and the code has run, the document is closed again and immediately replaced with a harmless Word file so as not to arouse suspicion.

Solution

iQ.Suite offers several measures that provide immediate protection against this attack. Because the malicious attachment is disguised with a ".doc" extension, the measures must be based on the detected file type (the attachment's actual content), not on the file name.

In addition to scanning with the antivirus engines integrated in iQ.Suite Watchdog, two further measures are available:

  1. Block emails containing Microsoft RTF attachments (iQ.Suite Watchdog)
  2. Automatic conversion of Microsoft RTF attachments to PDF (iQ.Suite Convert)

1. Block emails containing Microsoft RTF attachments (iQ.Suite Watchdog)

Configuration in iQ.Suite Domino

Screenshot 1
Screenshot 2
Screenshot 3

Configuration in iQ.Suite Exchange / SMTP

Screenshot 1
Screenshot 2
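Measure 1 only helps if the attachment type is determined from the file's content rather than from its name, since the malicious file carries a ".doc" extension. The following Python script is an added example and is not part of this article or of iQ.Suite: it parses a constructed MIME message, identifies each attachment's real container format from its leading bytes (RTF, legacy OLE-based .doc, or OOXML zip), and blocks RTF content regardless of extension as well as .hta attachments. The extra check for an embedded RTF "\object" group is a heuristic assumed here, not something the article describes; the message and attachments are constructed test data, not a real sample.

```python
"""Added example: classify e-mail attachments by content, not extension."""
import email
from email import policy
from email.message import EmailMessage

# Leading-byte signatures of the container formats involved.
RTF_MAGIC = b"{\\rtf"                             # RTF documents start with "{\rtf1"
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc (OLE compound file)
ZIP_MAGIC = b"PK\x03\x04"                         # .docx (Office Open XML is a zip)


def detect_container(data: bytes) -> str:
    """Return the real container format of an attachment from its first bytes."""
    head = data.lstrip()  # Word tolerates leading whitespace before "{\rtf"
    if head[:5].lower() == RTF_MAGIC:
        return "rtf"
    if data[:8] == OLE_MAGIC:
        return "ole"
    if data[:4] == ZIP_MAGIC:
        return "ooxml"
    return "unknown"


def assess_attachment(filename: str, data: bytes) -> dict:
    """Decide whether one attachment should be blocked and why."""
    name = (filename or "").lower()
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    container = detect_container(data)
    reasons = []
    if container == "rtf":
        reasons.append("rtf-content")                 # RTF is blocked regardless of name
        if ext != "rtf":
            reasons.append(f"extension-mismatch:.{ext}")
        if b"\\object" in data:                       # assumed heuristic: embedded OLE object
            reasons.append("rtf-embedded-object")
    if ext == "hta":
        reasons.append("hta-attachment")              # HTML application, as in the attack chain
    return {"filename": filename, "container": container,
            "block": bool(reasons), "reasons": reasons}


def scan_message(raw: bytes) -> list:
    """Parse a raw RFC 822 message and assess every attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        results.append(assess_attachment(part.get_filename(), data))
    return results


def build_sample_message() -> bytes:
    """Constructed test message with three attachments (not a real malware sample)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    # RTF structure disguised as .doc, containing an embedded-object group
    rtf = b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objdata 0105}}}"
    msg.add_attachment(rtf, maintype="application", subtype="msword",
                       filename="invoice.doc")
    # genuine legacy .doc: OLE compound-file header followed by padding
    msg.add_attachment(OLE_MAGIC + b"\x00" * 64, maintype="application",
                       subtype="msword", filename="report.doc")
    # genuine .docx: zip header followed by padding
    msg.add_attachment(ZIP_MAGIC + b"\x00" * 64, maintype="application",
                       subtype="octet-stream", filename="notes.docx")
    return bytes(msg)


if __name__ == "__main__":
    for verdict in scan_message(build_sample_message()):
        print(verdict)
```

Running the script blocks only "invoice.doc" (RTF content under a .doc name, with an embedded object), while the genuine OLE .doc and the .docx pass. A gateway rule configured on the extension alone would have let the disguised file through.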

2. Automatic conversion of Microsoft RTF attachments to PDF (iQ.Suite Convert)

Configuration in iQ.Suite Domino

Domino Convert Job Basics
Domino Convert Job Operations

Configuration in iQ.Suite Exchange / SMTP

Screenshot 1 (MSX Convert RTF)
Screenshot 2 (MSX Convert RTF)

Last updated: 20 April 2017
