Lumension® Endpoint Intelligence Center


Overview

Threat Risk MEDIUM
Destructivity UNKNOWN
Payload Download malware, compromise system security
Detection files published
Description created 15 Mar 2010 05:39:00
Description updated 15 Mar 2010 05:39:00
Malware type TROJAN
Alias Mal/Bredo (Sophos)
Backdoor.Win32.Bredolab (Kaspersky)
Trojan.Bredolab (Symantec)
TROJ_BREDOLAB (TrendMicro)
Win32/Bredolab (Microsoft)
Spreading mechanism EMAIL, UNKNOWN
Summary

W32/Bredolab

Spreading

W32/Bredolab is a downloader trojan believed to be of Russian origin and written by developers involved in cyber crime. Its job is to install further malware on an infected machine and to deliver updates to it later; in particular it downloads rogue security software (scareware) on behalf of the criminals who run that scam. On execution, the W32/Bredolab executable connects to command-and-control servers whose addresses are hard-coded in the binary, downloads additional malware in encrypted form, decrypts it on the infected system and executes it. To evade security software it injects its code into legitimate Windows processes such as explorer.exe and svchost.exe.
The payloads delivered differ between W32/Bredolab variants.
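The following is an added example, not part of the Lumension entry or of any vendor tooling: a triage pass over Sysmon Event ID 8 (CreateRemoteThread) records that flags remote threads planted in the processes the description above names as injection targets. The entry does not say which injection technique Bredolab uses, so this only covers the CreateRemoteThread case, which is one of the most commonly logged ways code ends up inside another process. The field names (SourceImage, TargetImage, StartAddress, StartModule, StartFunction) are Sysmon's; the event records, paths and trusted-directory list are constructed assumptions for illustration.

```python
"""Triage Sysmon Event ID 8 (CreateRemoteThread) records for injection into
explorer.exe / svchost.exe, the processes W32/Bredolab is described as
injecting into.

Added example, not code from the Lumension entry. Sysmon field names are
real; the sample events below are CONSTRUCTED, not captured telemetry.
"""
import ntpath  # handles Windows paths correctly even when run on Linux

# Processes the threat description names as injection targets.
INJECTION_TARGETS = {"explorer.exe", "svchost.exe"}

# Assumption: legitimate creators of remote threads in these targets normally
# run from the Windows system directories. Anything else is worth a look.
TRUSTED_SOURCE_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def is_suspicious(event):
    """Return (flagged, reason) for one Event ID 8 record."""
    target = ntpath.basename(event["TargetImage"]).lower()
    if target not in INJECTION_TARGETS:
        return False, ""
    reasons = []
    source = event["SourceImage"].lower()
    if not source.startswith(TRUSTED_SOURCE_DIRS):
        reasons.append("source image outside Windows system directories")
    # Sysmon leaves StartModule empty when the thread's start address does
    # not fall inside any module loaded in the target: memory-resident
    # injected code looks exactly like that.
    if not event.get("StartModule"):
        reasons.append("thread start address not backed by a loaded module")
    return bool(reasons), "; ".join(reasons)


def triage(events):
    """Return (index, reason) for every record an analyst should review."""
    hits = []
    for idx, ev in enumerate(events):
        if ev.get("EventID") != 8:
            continue  # only CreateRemoteThread records are relevant here
        flagged, why = is_suspicious(ev)
        if flagged:
            hits.append((idx, why))
    return hits


# Constructed sample records (not real Bredolab telemetry).
SAMPLE_EVENTS = [
    {"EventID": 8,
     "SourceImage": "C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.exe",
     "TargetImage": "C:\\Windows\\explorer.exe",
     "StartAddress": "0x0000000002B40000",
     "StartModule": "", "StartFunction": ""},
    {"EventID": 8,
     "SourceImage": "C:\\Windows\\System32\\csrss.exe",
     "TargetImage": "C:\\Windows\\System32\\svchost.exe",
     "StartAddress": "0x00007FFB2A1C3000",
     "StartModule": "C:\\Windows\\System32\\ntdll.dll",
     "StartFunction": "LdrInitializeThunk"},
    {"EventID": 8,
     "SourceImage": "C:\\Program Files\\Example\\helper.exe",
     "TargetImage": "C:\\Windows\\System32\\notepad.exe",
     "StartAddress": "0x0000000000AA0000",
     "StartModule": "", "StartFunction": ""},
    {"EventID": 1,
     "Image": "C:\\Windows\\System32\\svchost.exe"},
    {"EventID": 8,
     "SourceImage": "C:\\Windows\\System32\\rundll32.exe",
     "TargetImage": "C:\\Windows\\System32\\svchost.exe",
     "StartAddress": "0x0000000003F10000",
     "StartModule": "", "StartFunction": ""},
]

if __name__ == "__main__":
    for idx, why in triage(SAMPLE_EVENTS):
        ev = SAMPLE_EVENTS[idx]
        print(f"[{idx}] {ev['SourceImage']} -> {ev['TargetImage']}: {why}")
```

The two heuristics are deliberately independent: the first record trips both (an executable in a user's Temp directory writing into explorer.exe), while the last trips only the StartModule check, which is what catches a loader that itself runs from a system directory. The notepad.exe record is ignored because it is not one of the targets the description names, and the Event ID 1 record is skipped outright.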

Payload Details

n/a

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:11