W32/Bredolab

Threat risk: medium
Detection files published: January 8, 2009
Description created: 2010-03-15
Description updated: 2010-03-15
Malware type: Trojan
Alias: Mal/Bredo (Sophos), Backdoor.Win32.Bredolab (Kaspersky), Trojan.Bredolab (Symantec), TROJ_BREDOLAB (TrendMicro), Win32/Bredolab (Microsoft)
Spreading mechanism: Email, Webpage
Payload: Download malware, compromise system security
Summary

W32/Bredolab is a trojan downloader. It connects to a server whose address is hard-coded in the executable and, depending on the instructions that server provides, downloads further malware that compromises the security of the system.

Spreading description

W32/Bredolab is believed to be of Russian origin and to have been written by developers involved in cyber crime. It distributes infections and delivers updates to them over time. It downloads rogue security software on behalf of the cyber criminals who create and spread that scam. On execution, the W32/Bredolab executable connects to one of several servers hard-coded in the executable and downloads the malware to the system in encrypted form. It then decrypts the payload and executes it. To bypass security software it injects its code into legitimate Windows processes such as explorer.exe and svchost.exe.

The payload may differ depending on the variant of W32/Bredolab.
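The behaviour chain above (an executable outside the system directories makes an outbound connection, then injects into explorer.exe or svchost.exe) is something a defender can look for in endpoint telemetry. The following is an added detection example written for this page; it is not Norman's code and not part of the original description. It assumes Sysmon-style events that have already been parsed into dictionaries (event ID 3 for network connections, event ID 8 for remote thread creation), ordered by time, and all sample events, paths and addresses are constructed for illustration.

```python
"""Flag the W32/Bredolab-style pattern: a process from an untrusted path
creates a remote thread in explorer.exe or svchost.exe, escalated if the
same process made an outbound network connection beforehand.

Event records are assumed to be Sysmon-style dicts already parsed from the
log, in chronological order (an assumption for this example)."""

import ntpath
from typing import Dict, List

# Processes the description names as injection targets.
INJECTION_TARGETS = {"explorer.exe", "svchost.exe"}

# Coarse allowlist for the source image. A Windows-directory path alone is
# not proof of legitimacy; it only keeps the noisiest benign cases out.
TRUSTED_DIRS = ("c:\\windows\\",)

# Constructed sample events (not real telemetry). Event ID 3 = network
# connection, event ID 8 = CreateRemoteThread, as in Sysmon.
EVENTS: List[Dict] = [
    {"id": 3, "pid": 4120,
     "image": r"C:\Users\alice\AppData\Local\Temp\invoice.exe",
     "dest_ip": "203.0.113.7", "dest_port": 80},
    {"id": 3, "pid": 880,
     "image": r"C:\Windows\System32\svchost.exe",
     "dest_ip": "203.0.113.9", "dest_port": 443},
    {"id": 8, "source_pid": 4120,
     "source_image": r"C:\Users\alice\AppData\Local\Temp\invoice.exe",
     "target_image": r"C:\Windows\explorer.exe"},
    {"id": 8, "source_pid": 1200,
     "source_image": r"C:\Windows\System32\csrss.exe",
     "target_image": r"C:\Windows\System32\svchost.exe"},
    {"id": 8, "source_pid": 5500,
     "source_image": r"C:\Users\alice\AppData\Roaming\update.exe",
     "target_image": r"C:\Windows\System32\svchost.exe"},
]


def basename(path: str) -> str:
    """Lower-cased file name component of a Windows path."""
    return ntpath.basename(path).lower()


def is_trusted_path(path: str) -> bool:
    """True if the image lives under one of the allowlisted directories."""
    return path.lower().startswith(TRUSTED_DIRS)


def find_injection_alerts(events: List[Dict]) -> List[Dict]:
    """Return one alert per suspicious remote-thread event.

    Severity is "high" when the injecting process already made an outbound
    connection (downloader behaviour followed by injection), else "medium".
    """
    connected = set()   # pids seen making an outbound connection so far
    alerts = []
    for ev in events:
        if ev["id"] == 3:
            connected.add(ev["pid"])
        elif ev["id"] == 8:
            if basename(ev["target_image"]) not in INJECTION_TARGETS:
                continue
            if is_trusted_path(ev["source_image"]):
                continue
            prior = ev["source_pid"] in connected
            alerts.append({
                "source_pid": ev["source_pid"],
                "source_image": ev["source_image"],
                "target": basename(ev["target_image"]),
                "prior_connection": prior,
                "severity": "high" if prior else "medium",
            })
    return alerts


if __name__ == "__main__":
    for alert in find_injection_alerts(EVENTS):
        print(alert)
```

Run as a script it prints two alerts: the Temp-directory process that connected out and then injected into explorer.exe is rated high, the Roaming-directory process that injected into svchost.exe without a prior connection is rated medium, and the csrss.exe event is suppressed by the path allowlist. In production the allowlist should be replaced by signature or hash checks on the source image, since a path under the Windows directory is easy for malware to obtain.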

Removal

General information about removal of malicious software

Norman's antivirus products are in general able to remove all malicious software that they detect.
Some malware, however, uses techniques that the general product does not remove sufficiently. We have therefore developed the free product Norman Malware Cleaner. If your Norman antivirus is unable to clean up the infection, please use the latest version of this program from the link below.

Type Title Comment Usage
Norman Malware Cleaner    
Stopping network share infectors    
Cleaning of back-up folders on Windows Me and XP