- Expand the botnet geographical area: The binary spread is done through spam campaigns with malicious attachments. At first these were limited to English-speaking countries, but have expanded their reach.
- Incorporation of new banks: DYRE configuration is done via the usual file that lists the banks where the Trojan must act. As has been expanding the area of influence of the botnet, the list of entities has also experienced an increase, as shown in the following chart
Although just it has a few months old, the DYRE Trojan (aka Dyreza) is currently the busiest banking malware. Since early this year, the aggressive characteristics incorporated in the binary a fairly proactive gang has been added, working to increase its infrastructure and monetization capacity. Progress has been noticed…