Taking a Closer Look at Trojan.Bredolab

The latest malware threats from across the security forums


Spudz
Posts: 1856
Joined: Mon Jul 20, 2009 4:35 am
Area Of Expertise: General guidance and advice
experience: Not only can I turn PC on, I know most of its functions too
PC time: Alot more than I should
Location: Kent, UK

Taking a Closer Look at Trojan.Bredolab

Postby Spudz » Wed Oct 14, 2009 6:45 am

Taking a Closer Look at Trojan.Bredolab
Gilou Tenebro
October 14th, 2009

Trojan.Bredolab is a threat that has been distributed widely and consistently this year. This research paper takes a closer look at the Trojan to discover how it works, why it’s so widespread, and the motivations behind it.

In short, Bredolab is distributed by spam emails and drive-by-download attacks. (In fact, last month we blogged about a wave of spam emails used to distribute it.) Once it’s on a computer, Bredolab downloads and installs a variety of other threats. This process is outlined in the following diagram.


http://www.symantec.com/connect/blogs/t ... anbredolab
Spam - Uninteresting garbage quickly deleted.
Spammer - A parasitic worm intent on creating internet misery.

Mystery
Posts: 232
Joined: Fri Jul 10, 2009 7:56 am
Gender: Female
experience: Not only can I turn PC on, I know most of its functions too
PC time: Alot more than I should
Location: Switzerland

Re: Taking a Closer Look at Trojan.Bredolab

Postby Mystery » Wed Oct 14, 2009 10:42 am

Thanks Spudz, just read the whole research paper, very interesting.
Btw, at our office we got those emails from *DHL* with .zip attachments, that are mentioned in there. And if you use services from DHL you might open it if you don't think for a moment while checking all the incoming emails. We never opened them though, and gave a warning to all employees not to open such attachments. Didn't know that was related to this trojan.
Why do geeks think Halloween and Christmas occur on the same day?
Because 31oct = 25dec ;)


Re: Taking a Closer Look at Trojan.Bredolab

Postby Spudz » Wed Oct 14, 2009 11:00 am

I have seen similar ones for other courier services where they relied on the trust and naivety of employees to open them, thus getting infected. So pleased your company took the initiative and informed everyone :)

Re: Taking a Closer Look at Trojan.Bredolab

Postby Mystery » Wed Oct 14, 2009 11:11 am

Hehe, if you have 2 people in a small company who are very aware of security issues, chances are low that such things get through.
And I'm making everyone feel continually haunted by malware and phishing - in private, online and everywhere. :lol:

But indeed if you are getting a big amount of regular emails (often with important attachments) to go through, and then some crafted emails seemingly coming from customers or services that you use, it needs a great deal of awareness while working on your email list.

Re: Taking a Closer Look at Trojan.Bredolab

Postby Spudz » Wed Oct 14, 2009 11:22 am

LOL quite true and I can picture you holding a big piece of paper in a person's face and bellowing read and digest ;) hehe.

Small departments like yours with employees who are on the ball are a great thing but I would imagine that people like the Royal Mail etc may have a harder job containing these phishing scams.

Re: Taking a Closer Look at Trojan.Bredolab

Postby Mystery » Wed Oct 14, 2009 11:36 am

You can bet :twisted: I'm showing all human-readable articles (I mean those that are relatively easy to understand :P ) and telling Halloween-like horror stories what happens if they are not very careful. :lol:

I agree, for a big company it might be a bigger issue, but again, company-internal education may be helpful.

Re: Taking a Closer Look at Trojan.Bredolab

Postby Spudz » Wed Oct 14, 2009 1:18 pm

Yes but we have to remember that people often treat others' property with less regard than their own.