Bredolab Trojan Creating New Nuisance on Internet
Written by Administrator   
Thursday, 27 May 2010 09:00

According to news published by SOFTPEDIA on May 17, 2010, security experts have detected fake e-mails that claim to be order confirmation messages sent by Amazon. The archive attached to the e-mail contains a malicious executable file that drops a fresh version of malware belonging to the Bredolab Trojan family.


E-mail security provider MX Lab stated that the subject line of these malicious e-mails reads "Your order has been paid! Parcel NR:58588-691". The e-mails appear to originate from a fake address and are signed by Vaughn Montes, a so-called Amazon employee.

The message thanks the recipient for purchasing at Amazon.com. It further informs the recipient that the payment has been received and that the order has been dispatched to their billing address. The e-mail highlights that the order was placed for a 'Sony Bravia S1452' and that the recipient's tracking number is attached to the e-mail. The user is then advised to print the postal label in order to receive delivery of the order.

According to security experts, the fraudsters have used a simple methodology in this scam. They appear to confirm an order, usually for a high-priced item, and in the process try to raise the recipient's curiosity as far as possible so as to persuade them to open the attachment.

Security firm Webroot claims that a zip file is attached to the e-mail which, when opened, is found to contain a Microsoft Word document. That Word document is actually a Trojan, which upon activation could facilitate the downloading and execution of additional malware that could potentially damage the PC.

Moreover, the executable file could install a new variant of Bredolab, which only nine of 41 anti-virus products on VirusTotal could detect so far.
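A mail-gateway check for the attachment pattern described above (an executable inside a zip that presents itself as a document), which does not depend on anti-virus signatures. This is an added example, not part of the original article; the extension list, the function names and the sample file names are assumptions, and the sample archive is constructed.

```python
import io
import struct
import zipfile

# Assumed list of extensions a recipient would read as a harmless document.
DOC_EXTS = {".doc", ".docx", ".rtf", ".pdf", ".txt"}

def is_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def scan_zip_attachment(blob: bytes) -> list:
    """Return (member_name, reason) for every archive member worth quarantining."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            try:
                with zf.open(info) as fh:
                    head = fh.read(65536)  # enough to reach the PE signature
            except RuntimeError:  # zipfile raises this for encrypted members
                findings.append((info.filename, "encrypted member, not inspected"))
                continue
            if not is_pe(head):
                continue
            base = info.filename.lower().rsplit("/", 1)[-1]
            exts = {"." + part for part in base.split(".")[1:]}
            disguised = bool(exts & DOC_EXTS)  # e.g. a ".doc.exe" double extension
            findings.append((info.filename,
                             "PE content behind a document-style name" if disguised
                             else "PE executable in archive"))
    return findings

def constructed_sample() -> bytes:
    """Constructed archive: an inert 0x44-byte PE-shaped stub plus a text file."""
    stub = bytearray(0x44)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)   # e_lfanew -> offset 0x40
    stub[0x40:0x44] = b"PE\0\0"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Postal_label.doc.exe", bytes(stub))  # hypothetical name
        zf.writestr("readme.txt", "tracking number enclosed")
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_zip_attachment(constructed_sample()))
```

Because the check keys on file content rather than the displayed name or icon, it still flags the member when the executable has been renamed or repacked.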

It is noteworthy that Bredolab, in this particular case, served as a platform to distribute malware. After infecting a PC, Bredolab queries a command and control server that is hosted on a .ru domain. From this server Bredolab receives instructions for downloading and running a bot.exe file.

Trojan.Generic.Bredolab.3232 (ClamAV), W32/VBcrypt.E.gen!Eldorado (F-Prot), W32/VBcrypt.E.gen!Eldorado (Eldorado) and Heuristic.BehavesLike.Win32.Downloader.H (McAfee-GW-Edition) are some other names by which the Trojan is known.

