Symantec threat bulletin: Trojan.Bredolab malware

Published March 22nd, 2010 - 09:51 GMT

There has been some recent news coverage of a spam that urges users of social networks to click on an attachment because their account has been reset and would need to click the attachment to obtain new login credentials.  This attachment is a malware called Trojan.Bredolab.
Trojan.Bredolab was discovered in May 2009, and is by itself a downloader that downloads threats listed below randomly from various URLs which changes frequently. The communication between the attacker’s server and the infected clients is encrypted using HTTP protocol, making it more difficult to locate.
- Bots: Trojan.Zbot, W32.Waledac, W32.Koobface, Trojan.Srizbi, Backdoor.Rustock, Backdoor.Haxdoor,


Remote control, spam server, used in DoS attacks, malware redistribution, steals information and replaces
ads shown in web searches

- Rogue Sec. Software: SecurityToolFraud, Trojan.FakeAV, Downloader.MisleadApp

False alerts, steals credit card information

- Infostealer: Infostealer.Ldpinch.C, Trojan.GoldunInfostealer

Steals user ID and passwords, keylogging


- Rootkit: Hacktool.Rootkit

Hides malware infections


- Retro virus: Trojan.KillAV

Disables and deletes security software

- Adware: Adware.Lop, Adware.Purityscan

Shows pop-up ads

“Symantec Security Response has been closely monitoring Trojan.Bredolab’s activities. It appears that the author of Trojan.Bredolab is trying to increase the number of infected PCs to install rogue security software to gain revenue by using the affiliate program (paid per install), as well as renting out this network on the underground market, which other attackers are using to spread the botnet, such as Trojan.Zbot,” says Kaoru Hayashi, Development Manager, Symantec Security Response.
Symantec advices users with the following:
·           Security updates of operating system and browser plug-ins
·           Be wary of social engineering tactics
·           Do not save login credentials via the browser, and if needed, protect with master password
·           Not to use FTP and Telnet protocols which are not secure
·           Check incoming and outgoing communications through intrusion prevention system/intrusion detection systems

© 2000 - 2019 Al Bawaba (

You may also like