https://isc.sans.edu/ has a good post on how to do some rudimentary searches; specifically, https://isc.sans.edu/forums/diary/Botnets+spreading+Dridex+still+active/20295/ is the post.
The image above is the same image from today's isc.sans.edu post. Notice how Brad Duncan searched for the Dridex malware with the hash mark, so if there is a suspected piece of malware you are interested in researching, that is a great way to start.
Searching for Dridex malware turns up previous posts at sans.edu discussing Word documents infected with the malware in the November 2014 timeframe, with many emails that had "Duplicate Payment received" in the subject line.
Notice that we are over a year later and the malware outbreak has come back.
Why is this? It is because people are not patching and not updating their anti-virus software. It is unfortunate, but keeping everything up to date is not easy, and a few systems fall through the cracks.
How could we fix this problem? As an industry we need to do a better job.
But there could also be oversight of the work being done, i.e. test your IT environment to make sure that the IT department does its job.
Contact Us as we can show you how to do that effectively.