The emails sent to victims contain an Adobe PDF file with a juicy and interesting name.
When the victim clicks on the PDF, it drops its payload, Dyreza, which is then executed.
DYREZA malware uses a spammed message that purports to be an invoice notification as its infection vector.
The message has a malicious PDF file attachment, detected by Trend Micro as TROJ_PIDIEF.YYJU.
Bitcoin Targets spotted
Only in this case, the latest targets are Bitcoin-related sites.
One of its payloads, the CUTWAIL botnet, leads to the download of both UPATRE and DYRE malware.
Dyre can also connect to its handlers and transfer information to them.
source: www.techworm.net