Detection files published:
January 8, 2009
Description created:
2010-03-15
Description updated:
2010-03-15

Alias:
Mal/Bredo (Sophos), Backdoor.Win32.Bredolab (Kaspersky), Trojan.Bredolab (Symantec), TROJ_BREDOLAB (TrendMicro), Win32/Bredolab (Microsoft)
Spreading mechanism:
Email, Webpage

Payload:
Download malware, compromise system security
W32/Bredolab is a trojan downloader. It connects to a server whose address is hard-coded in the executable and, depending on the instructions available on that server, downloads further malware in order to compromise the security of the system.
W32/Bredolab, believed to be of Russian origin and programmed by developers involved in cyber crime, spreads infections and delivers updates to them over time. It downloads rogue security software to assist the cyber criminals who create and spread that scam. On execution, the W32/Bredolab executable connects to the servers hard-coded in the executable and downloads malware to the system in encrypted form. It then decrypts the downloaded file and executes it. To evade security software it injects its code into legitimate Windows processes such as explorer.exe and svchost.exe.
The payload may differ depending on the variant of W32/Bredolab.
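The behaviour described above (a freshly run executable contacts a remote server, then injects into explorer.exe or svchost.exe) can be correlated from endpoint telemetry. The following is an added example, not code from the original page or from Norman: a small heuristic run over constructed event records that are loosely modelled on Sysmon event IDs 3 (network connection) and 8 (CreateRemoteThread). The field names, file paths, PIDs and IP addresses are assumptions for illustration, not indicators tied to W32/Bredolab.

```python
# Added example: correlate "outbound connection, then remote-thread
# injection into explorer.exe/svchost.exe" from constructed endpoint events.
# The event schema (field names), paths, PIDs and addresses are assumptions.
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Processes the page names as injection targets.
INJECTION_TARGETS = {"explorer.exe", "svchost.exe"}

# Constructed sample events (assumed schema), deliberately out of time order
# so the correlation has to sort them. id 3 = network connect,
# id 8 = CreateRemoteThread, mirroring the Sysmon event numbering.
SAMPLE_EVENTS = [
    {"ts": "2010-03-15T10:00:02", "id": 3, "pid": 4100,
     "image": r"C:\Users\alice\AppData\Local\Temp\invoice.exe",
     "dest_ip": "198.51.100.7", "dest_port": 80},
    {"ts": "2010-03-15T10:00:05", "id": 8, "source_pid": 4100,
     "source_image": r"C:\Users\alice\AppData\Local\Temp\invoice.exe",
     "target_image": r"C:\Windows\explorer.exe"},
    # Benign noise: svchost.exe itself talks to the network constantly.
    {"ts": "2010-03-15T10:00:06", "id": 3, "pid": 900,
     "image": r"C:\Windows\System32\svchost.exe",
     "dest_ip": "203.0.113.4", "dest_port": 443},
    # Benign noise: a debugger creating a thread in notepad, no prior network.
    {"ts": "2010-03-15T10:00:07", "id": 8, "source_pid": 5200,
     "source_image": r"C:\Tools\windbg.exe",
     "target_image": r"C:\Windows\System32\notepad.exe"},
    # Network then injection, but 90 minutes apart: outside the window.
    {"ts": "2010-03-15T09:00:00", "id": 3, "pid": 6100,
     "image": r"C:\Tools\updater.exe",
     "dest_ip": "192.0.2.9", "dest_port": 443},
    {"ts": "2010-03-15T10:30:00", "id": 8, "source_pid": 6100,
     "source_image": r"C:\Tools\updater.exe",
     "target_image": r"C:\Windows\System32\svchost.exe"},
]


def _basename(path):
    """Lower-cased file name of a Windows path, e.g. 'explorer.exe'."""
    return PureWindowsPath(path).name.lower()


def correlate(events, window_seconds=60):
    """Return one alert per CreateRemoteThread into an INJECTION_TARGETS
    process whose source process made an outbound connection at most
    `window_seconds` earlier. Events are sorted by timestamp first."""
    window = timedelta(seconds=window_seconds)
    recent_net = defaultdict(list)   # pid -> [(timestamp, "ip:port"), ...]
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["id"] == 3:
            recent_net[ev["pid"]].append(
                (ts, f'{ev["dest_ip"]}:{ev["dest_port"]}'))
        elif ev["id"] == 8 and _basename(ev["target_image"]) in INJECTION_TARGETS:
            servers = [dest for (t, dest) in recent_net[ev["source_pid"]]
                       if timedelta(0) <= ts - t <= window]
            if servers:
                alerts.append({
                    "ts": ev["ts"],
                    "pid": ev["source_pid"],
                    "image": ev["source_image"],
                    "target": _basename(ev["target_image"]),
                    "servers": servers,
                })
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_EVENTS):
        print(f'{a["ts"]} pid {a["pid"]} {a["image"]} injected into '
              f'{a["target"]} after contacting {", ".join(a["servers"])}')
```

Only the invoice.exe chain is reported: svchost.exe's own traffic has no injection behind it, the debugger injects without prior network activity, and the updater's two events fall outside the 60-second window. The window and target list are the tuning knobs; widening either trades false positives for coverage of slower downloaders.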
Norman's antivirus products are in general able to remove all malicious software that they detect.
Some malware, however, uses techniques that the general product does not remove sufficiently. We have therefore developed the free tool Norman Malware Cleaner. If your Norman antivirus is unable to clean up the infection, please use the latest version of this program from the link below.
| Usage | Title | Comment |
|---|---|---|
| Stopping network share infectors | | |
| Cleaning of back-up folders on Windows Me and XP | | |