Bredolab Trojan Distributed via Bogus Shipment E-mails

According to the e-mail security firm MX Lab, the creators of the Bredolab Trojan have launched another malware campaign, Softpedia reported on August 28, 2009.

MX Lab explained in a blog post on August 27, 2009 that it had caught a number of messages carrying a new variant of Bredolab packed in an attached ZIP file.

These fake messages use social engineering to try to convince recipients that they have placed an order, according to MX Lab researchers.

The researchers gave two examples of the fraudulent e-mails the malware purveyors were using. The first thanked the recipient for making a purchase at the sender's Internet store and stated that payment for the goods had been received successfully. It said the recipient's order for a Toshiba Satellite U4000D had been released and would soon reach his billing address. The message concluded that the tracking number for the purchase was provided in the e-mail attachment and that, to get the package, the user must print out the label.

The second e-mail also thanked the customer (the e-mail recipient) for placing an order at the sender's Internet shop, stating that a Samsung R610 was being shipped to his address. The e-mail then claimed that the postal parcel's tracking number was given in an attached file and that the recipient must print out the label in order to receive the parcel.

The researchers further state that each e-mail could carry different text and name a different electronic product. The purveyors have possibly chosen this method so that they could evade anti-spam filters.

When unzipped, the attached file yields a D*****.exe file (36KB), where '*' refers to random letters and numbers. According to Microsoft, the executable in the ZIP file is TrojanDownloader:Win32/Bredolab.X, while F-Prot identifies it as W32/Bredolab!Generic, Panda as Trj/CI.A and Sophos as Mal/Bredo-A.

While cyber criminals' use of e-mails carrying fake orders or bogus shipment confirmations to spread malware is nothing new, the continuity of the practice suggests its relative success. End-users are therefore advised to maintain an up-to-date antivirus program.
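A mail-gateway style check for the delivery described above, added here as an illustration and not taken from MX Lab or Softpedia: it opens ZIP attachments and reports any executable member, noting whether the name fits the reported D*****.exe shape. The extension list, the assumption that the count of random characters varies, and the sample message are all constructed for this example.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Name shape reported on the page: "D" plus random letters and digits, ".exe".
# Assumption: the number of random characters is not fixed.
BREDOLAB_NAME = re.compile(r"D[A-Za-z0-9]+\.exe", re.IGNORECASE)
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com")  # assumed blocklist


def scan_message(raw: bytes) -> list[dict]:
    """Return one finding per executable found inside a ZIP attachment."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as archive:
            for info in archive.infolist():
                base = info.filename.rsplit("/", 1)[-1]
                if base.lower().endswith(EXECUTABLE_EXT):
                    findings.append({"attachment": part.get_filename(), "member": info.filename,
                                     "size": info.file_size,
                                     "name_matches_report": bool(BREDOLAB_NAME.fullmatch(base))})
    return findings


def build_sample() -> bytes:
    """Constructed test message: a ZIP holding a harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("DX7Q2K.exe", b"placeholder, not a real executable")
        archive.writestr("readme.txt", b"constructed sample")
    msg = EmailMessage()
    msg["From"] = "shop@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Your order has been shipped"
    msg.set_content("Tracking number is in the attached file.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="label.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

Because the message text and product name vary per e-mail, the check keys on the attachment structure, not on the wording of the body.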

» SPAMfighter News - 14-09-2009
