Posts

Showing posts from February, 2017

Bypass User Account Control

New Tactic Used by Dridex Trojan to Bypass User Account Control

A recent Dridex distribution campaign is leveraging a fresh UAC (User Account Control) bypass method, Flashpoint security researchers warn. First discovered in 2014, Dridex is considered the successor of the GameOver ZeuS malware, and it uses an improved version of GameOver ZeuS's peer-to-peer architecture to protect its command and control (C&C) servers. Dridex emerged as one of the most dangerous banking Trojan families, although its recent activity has subsided compared to the levels seen in 2014 and 2015. Researchers recently observed a small distribution campaign targeting UK financial institutions, characterized by a previously unobserved Dridex UAC bypass that leverages recdisc.exe, a default Windows recovery disc executable. The malware was also observed loading malicious code through an impersonated SPP.dll, and using spoo
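The bypass described above comes down to an auto-elevating Windows binary (recdisc.exe) picking up a look-alike SPP.dll that is not the one Windows ships. The following is an added detection example, not code from the page, from Flashpoint or from the Dridex sample: it runs a location check over Sysmon-style events (EventID 1 process create, EventID 7 image load, with the Image, ImageLoaded and Signed fields). It assumes that on a stock install both recdisc.exe and spp.dll live directly in C:\Windows\System32, so a copy anywhere else (including a System32 subdirectory) is the anomaly; the sample events and the paths in them are constructed and hypothetical.

```python
"""Flag recdisc.exe / spp.dll activity that does not match the stock Windows layout.

Added example for the UAC-bypass pattern above, run over Sysmon-style events
(EventID 1 = process create, EventID 7 = image load). Sample events below are
constructed; the non-System32 paths in them are hypothetical.
"""
from pathlib import PureWindowsPath

# Assumption (not stated on the page): on a stock install both files sit
# directly in C:\Windows\System32; a copy anywhere else, including a
# subdirectory of System32, is what we hunt for.
SYSTEM32 = PureWindowsPath(r"C:\Windows\System32")
AUTO_ELEVATING_HOST = "recdisc.exe"
HIJACKED_DLL = "spp.dll"


def in_system32(path: str) -> bool:
    """True if `path` sits directly inside System32 (case-insensitive, no subdirectories)."""
    parent = str(PureWindowsPath(path).parent).lower()
    return parent == str(SYSTEM32).lower()


def classify(event: dict) -> list[str]:
    """Return the reasons an event matches the recdisc.exe / SPP.dll bypass pattern."""
    reasons: list[str] = []
    image = event.get("Image", "")
    loaded = event.get("ImageLoaded", "")
    image_name = PureWindowsPath(image).name.lower()
    loaded_name = PureWindowsPath(loaded).name.lower()

    # The auto-elevating host binary is running from somewhere it was not installed.
    if image_name == AUTO_ELEVATING_HOST and not in_system32(image):
        reasons.append("recdisc.exe running outside System32")

    # A DLL named spp.dll was mapped from somewhere other than the real one.
    if loaded_name == HIJACKED_DLL and not in_system32(loaded):
        reasons.append("spp.dll loaded from outside System32")

    # recdisc.exe mapped an spp.dll that Sysmon did not see as signed.
    if (image_name == AUTO_ELEVATING_HOST and loaded_name == HIJACKED_DLL
            and str(event.get("Signed", "")).lower() != "true"):
        reasons.append("recdisc.exe loaded an unsigned spp.dll")
    return reasons


def hunt(events: list[dict]) -> list[tuple[int, list[str]]]:
    """Run classify() over a batch and keep only the hits as (index, reasons)."""
    hits: list[tuple[int, list[str]]] = []
    for i, event in enumerate(events):
        reasons = classify(event)
        if reasons:
            hits.append((i, reasons))
    return hits


# Constructed sample telemetry (hypothetical subdirectory name).
SAMPLE_EVENTS = [
    # Benign: the real recdisc.exe loading the real spp.dll.
    {"EventID": 7, "Image": r"C:\Windows\System32\recdisc.exe",
     "ImageLoaded": r"C:\Windows\System32\spp.dll", "Signed": "true"},
    # Benign: an unrelated process loading an unrelated DLL.
    {"EventID": 7, "Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true"},
    # Suspicious: a copy of recdisc.exe started from a System32 subdirectory.
    {"EventID": 1, "Image": r"C:\Windows\System32\recovery_tmp\recdisc.exe"},
    # Suspicious: that copy mapping an unsigned spp.dll sitting next to it.
    {"EventID": 7, "Image": r"C:\Windows\System32\recovery_tmp\recdisc.exe",
     "ImageLoaded": r"C:\Windows\System32\recovery_tmp\spp.dll", "Signed": "false"},
]

if __name__ == "__main__":
    for index, reasons in hunt(SAMPLE_EVENTS):
        print(f"event {index}: " + "; ".join(reasons))
```

The check deliberately treats a System32 subdirectory as "outside" System32: the real binaries sit directly in that folder, so a same-named file one level down is exactly the kind of relocation a DLL-hijack needs. Legitimate spp.dll loads by other Microsoft processes from the real path are not flagged.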