‘Bredolab’ Executes Personalized E-mail Assaults

According to security company Symantec, personalized e-mail attacks against organizations in the public sector occurred during the third week of February 2010, carried out with the Bredolab Trojan.

The e-mail scammers are targeting particular employees in specific companies to gain access to sensitive data and potentially profitable data related to intellectual property.

Tony Millington, Malware Operations Engineer at Symantec Hosted Services, states that the e-mail assaults started on February 16, 2010. According to him, it was not the assaults as such but the payload used that was interesting, as reported by SCMagazine on February 18, 2010.

To explain Bredolab, Millington said that it was normally distributed through a large number of spam mails via the Cutwail botnet. Those e-mails used various tricks to get users to run a malicious .exe file. Once that was viewed, one more file was installed, and it deactivated the computer's security firewall.

However, the new case differs slightly. First, the virus is aimed at very specific individuals, like those referred to above, and does not send bulk spam mails randomly.

Second, when it downloads the subsequent files, they do not carry the normal Bredolab. Instead, they install data stealers that only some anti-virus firms could detect.

Third, in this new case, Bredolab used a widely used free webmail service to send the spam mails, whose subject lines suggest the senders' Internet Protocol addresses. When security analysts assessed these addresses, they traced their origins to different countries around the world.

Finally, various other malicious e-mails and malware have been sent through several of these Internet Protocol addresses over recent months, with spam messages coming from other botnets besides Cutwail.

Millington stated that it was obvious that a majority of those Internet Protocol addresses had been compromised to launch earlier assaults and manipulated to carry out criminal operations. According to him, the latest dispatch of personalized e-mails infected with Bredolab represented only the most recent abuse in the lengthy sequence of exploits launched against the operators of those computers.

» SPAMfighter News - 3/2/2010