Bredolab Trojan Distributed via Bogus Shipment E-mails
According to the e-mail security firm MX Lab, the creators of the Bredolab Trojan have unleashed another malware campaign on the Internet, as reported by Softpedia on August 28, 2009.
MX Lab explained in a blog post on August 27, 2009 that it had caught a number of messages carrying a new variant of Bredolab inside an attached ZIP file.
These messages are fake and use social engineering to convince recipients that they have placed an order, according to MX Lab researchers.
The researchers gave two examples of the fraudulent e-mails the malware purveyors were using. One thanked the recipient for making a purchase at the sender's Internet store and stated that payment for the goods had been received successfully. The recipient's order for a Toshiba Satellite U4000D had been dispatched and would soon arrive at his billing address. The tracking number for the purchase, the message concluded, was provided in the e-mail attachment, and to collect the package the user had to print out the label.
The second e-mail likewise thanked the customer (the e-mail recipient) for placing an order at the sender's Internet shop, stating that a Samsung R610 was being shipped to his address. The e-mail then claimed that the parcel's tracking number was in an attached file and that the recipient had to print out the label to receive the parcel.
The researchers further note that each e-mail may use different wording and name a different electronic product. The purveyors have probably chosen this variation so that the messages evade anti-spam filters.
When unzipped, the attachment yields a file named D*****.exe (36KB), where each '*' stands for a random letter or digit. Microsoft detects this executable as TrojanDownloader:Win32/Bredolab.X, while F-Prot identifies it as W32/Bredolab!Generic, Panda as Trj/CI.A and Sophos as Mal/Bredo-A.
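The lure described above, a ZIP attachment wrapping a single executable with a randomised name, is something a mail gateway can catch without any signature. The following Python script is an added illustration and is not from MX Lab, Softpedia or SPAMfighter: it parses a raw e-mail, opens every ZIP attachment in memory, lists executable members, and flags names that fit the D*****.exe pattern reported for this campaign. The sample message, the sender and recipient addresses, the attachment name and the placeholder bytes inside the ZIP are all constructed here for the demonstration; the list of extensions treated as executable is an assumed gateway policy.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Assumed gateway policy: extensions treated as executable when found inside an archive.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}

# Naming pattern reported for this campaign: 'D' followed by five random letters/digits, then .exe.
BREDOLAB_NAME_RE = re.compile(r"^D[A-Za-z0-9]{5}\.exe$", re.IGNORECASE)


def inspect_zip_attachment(data: bytes) -> list:
    """Return findings for executable members inside ZIP bytes.

    Only the archive's central directory is read; nothing is extracted to disk or run.
    """
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                name = info.filename.rsplit("/", 1)[-1]          # strip any directory prefix
                ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
                if ext in EXECUTABLE_EXTENSIONS:
                    findings.append({
                        "member": info.filename,
                        "size": info.file_size,
                        "matches_bredolab_pattern": bool(BREDOLAB_NAME_RE.match(name)),
                    })
    except zipfile.BadZipFile:
        # A corrupt or disguised archive is itself worth reporting rather than silently passing.
        findings.append({"member": None, "size": 0,
                         "matches_bredolab_pattern": False, "error": "not a valid zip"})
    return findings


def scan_message(raw: bytes) -> list:
    """Parse a raw RFC 822 message and inspect every ZIP attachment it carries."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Check the magic bytes as well as the name, so a renamed archive is still inspected.
        is_zip = filename.lower().endswith(".zip") or payload[:4] == b"PK\x03\x04"
        if not is_zip:
            continue
        for finding in inspect_zip_attachment(payload):
            finding["attachment"] = filename
            results.append(finding)
    return results


def build_sample_message() -> bytes:
    """Constructed sample: a fake 'order shipped' mail whose ZIP holds a dummy D*****.exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # Harmless placeholder bytes standing in for the executable; not real malware.
        zf.writestr("Da7k2z.exe", b"MZ" + b"\x00" * 100)
    msg = EmailMessage()
    msg["From"] = "shop@example.invalid"          # constructed sender
    msg["To"] = "customer@example.invalid"        # constructed recipient
    msg["Subject"] = "Your order has been shipped"
    msg.set_content("Thank you for your purchase. The tracking number is in the attached file.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="label.zip")
    return bytes(msg)


if __name__ == "__main__":
    for finding in scan_message(build_sample_message()):
        print(finding)
```

Running the script against the constructed message reports one finding: member Da7k2z.exe inside label.zip, with the campaign pattern matched. In a real deployment the same check would sit in a milter or gateway hook and quarantine the message, since a ZIP whose only content is an executable has no legitimate place in a shipping notification.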
While cyber criminals' use of fake order and shipment confirmation e-mails to spread malware is nothing new, the persistence of the practice suggests it keeps working. End users are therefore advised to keep an up-to-date antivirus program.
Related article: Bredolab Tops on December 2009 Threatscape Report of Fortinet
» SPAMfighter News - 14-09-2009