TrojanDownloader :Win32/Bredolab

Last Updated on: Apr 08, 2010 12:45 PM

Original issue date: October 29, 2009

It has been observed that TrojanDownloader:Win32/Bredolab is circulating widely.

Bredolab is a family of Trojan downloaders known to download and install rogue antivirus programs and password stealers onto the infected computer.

This Trojan arrives as an attachment to e-mail messages purporting to be from Facebook, UPS or Western Union Money Transfer (see the screenshots below), with subjects such as "Facebook Password reset confirmation", "UPS invoice" and "Western Union transfer is available for withdraw".

[Screenshots of the sample e-mail messages]

Alternatively, it may be downloaded by the Exploit:Win32/Pdfjsc family (malicious PDF files carrying JavaScript exploits). The .zip attachment, once extracted, usually yields a ~36-40 KB executable that carries an Excel or Word document icon so that it passes for a document.
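As an added illustration (not part of the CERT-In advisory), the following Python script performs the kind of attachment triage a mail gateway or an analyst could apply to the lure described above: it opens the .zip in memory, reads only the first two bytes of each member, and flags members that carry an executable extension, a document-looking name followed by an executable extension, PE (MZ) content, or a size within the ~36-40 KB band the advisory reports. The sample archive, its member names and the fake 38 KB PE are constructed here for demonstration; the size band is a weak indicator and is only reported alongside other evidence.

```python
import io
import zipfile
from dataclasses import dataclass, field

# Extensions Windows executes directly when the file is double-clicked.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
# Extensions the lure pretends to be (the dropper shows an Excel/Word icon).
DOCUMENT_EXTS = {".xls", ".xlsx", ".doc", ".docx", ".pdf"}
# Size band reported for the Bredolab dropper (~36-40 KB). Weak signal on its own.
SIZE_BAND = (36 * 1024, 40 * 1024)


@dataclass
class Finding:
    name: str
    size: int
    reasons: list = field(default_factory=list)


def _extensions(name: str) -> list:
    """Return all dotted suffixes of the base name, e.g. 'a.xls.exe' -> ['.xls', '.exe']."""
    base = name.rsplit("/", 1)[-1].lower()
    return ["." + part for part in base.split(".")[1:]]


def triage_zip(data: bytes) -> list:
    """Inspect every member of a zip held in memory and return the suspicious ones.

    Only the first two bytes of each member are decompressed, so a large or
    hostile archive is not fully extracted. file_size comes from the zip header
    and could be forged, which is why it only ever adds to other evidence."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(2)
            exts = _extensions(info.filename)
            is_exec_ext = bool(exts) and exts[-1] in EXECUTABLE_EXTS
            is_pe = head == b"MZ"
            reasons = []
            if is_exec_ext:
                reasons.append("executable extension")
            if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS and is_exec_ext:
                reasons.append("document name with executable extension")
            if is_pe:
                reasons.append("PE header (MZ)")
                if not is_exec_ext:
                    reasons.append("PE content under non-executable extension")
                if SIZE_BAND[0] <= info.file_size <= SIZE_BAND[1]:
                    reasons.append("size within reported Bredolab band")
            if reasons:
                findings.append(Finding(info.filename, info.file_size, reasons))
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample for demonstration: a fake 38 KB PE with a document-style
    name next to a harmless text file. Not a real Bredolab sample."""
    fake_pe = b"MZ" + b"\x00" * (38 * 1024 - 2)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("UPS_invoice.xls.exe", fake_pe)
        zf.writestr("readme.txt", b"Your parcel could not be delivered.\n")
    return buf.getvalue()


if __name__ == "__main__":
    for f in triage_zip(build_sample_zip()):
        print(f"{f.name} ({f.size} bytes): {', '.join(f.reasons)}")
```

A real deployment would run this on the decoded attachment before it reaches the user and quarantine anything with a PE header or an executable extension; the size and double-extension checks are there to prioritise, not to decide.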

It installs itself into the Startup folder under variable file names and injects into the legitimate svchost.exe and explorer.exe processes to bypass host firewalls. Some variants are "virtualization-aware": they contain anti-sandbox code and may exit if they detect that they are running in a virtual machine or analysis sandbox.

Some variants attempt to exploit previously patched Microsoft vulnerabilities to elevate privileges: MS07-017 (GDI Local Elevation of Privilege Vulnerability) and MS08-025 (Windows Kernel Usermode Callback Local Elevation of Privilege Vulnerability). Systems with these updates applied are not exposed to this step.

Removal:

    * Temporarily disable System Restore.
    * Update the virus definitions.
    * Reboot the computer in Safe Mode.
    * Run a full system scan and clean/delete all infected file(s).
    * Delete/modify any registry values added by the Trojan, and remove its entries from the Startup folder.
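To complement the removal steps above, here is an added Python example (not from the advisory) that inspects the Startup folder locations the Trojan is reported to use. Because the file names vary, it identifies candidates by content (the MZ header of a PE file) rather than by name, records size and SHA-256 for each hit so the indicator can be shared, and leaves .lnk shortcuts, which legitimately live in Startup, alone. The default folder list is built from environment variables for the Windows XP and Vista/7 layouts and is an assumption about the host; the sample directory used for the check is constructed in a temporary folder.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def default_startup_folders() -> list:
    """Per-user and all-users Startup folders, Vista/7 and XP layouts.
    Built from environment variables so the script runs as the logged-on user."""
    folders = []
    appdata = os.environ.get("APPDATA")          # Vista/7 per-user
    if appdata:
        folders.append(Path(appdata, "Microsoft", "Windows", "Start Menu", "Programs", "Startup"))
    programdata = os.environ.get("PROGRAMDATA")  # Vista/7 all-users
    if programdata:
        folders.append(Path(programdata, "Microsoft", "Windows", "Start Menu", "Programs", "Startup"))
    userprofile = os.environ.get("USERPROFILE")  # XP per-user
    if userprofile:
        folders.append(Path(userprofile, "Start Menu", "Programs", "Startup"))
    allusers = os.environ.get("ALLUSERSPROFILE")  # XP all-users
    if allusers:
        folders.append(Path(allusers, "Start Menu", "Programs", "Startup"))
    return folders


def is_pe_file(path: Path) -> bool:
    """True if the file starts with the DOS 'MZ' signature, whatever its extension."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False


def sha256_of(path: Path) -> str:
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_startup(folders=None) -> list:
    """Return one record per PE file found directly in the given Startup folders."""
    folders = default_startup_folders() if folders is None else folders
    hits = []
    for folder in folders:
        folder = Path(folder)
        if not folder.is_dir():
            continue
        for entry in sorted(folder.iterdir()):
            if entry.is_file() and is_pe_file(entry):
                hits.append({"path": str(entry), "size": entry.stat().st_size,
                             "sha256": sha256_of(entry)})
    return hits


def build_sample_startup_dir() -> Path:
    """Constructed sample for demonstration: one fake PE under an innocuous
    name and one shortcut, the kind of entry that belongs in Startup."""
    sample = Path(tempfile.mkdtemp(prefix="startup_demo_"))
    (sample / "update.dat").write_bytes(b"MZ" + b"\x00" * 4094)
    (sample / "OneNote.lnk").write_bytes(b"L\x00\x00\x00shortcut")
    return sample


if __name__ == "__main__":
    for hit in scan_startup():
        print(f"{hit['path']}  {hit['size']} bytes  sha256={hit['sha256']}")
```

Run it from Safe Mode before the scan so that the dropper is not executing while you hash it; the hashes give the antivirus vendor or CERT-In something concrete to match against the aliases listed for this family.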

In view of the rapid propagation of TrojanDownloader:Win32/Bredolab, users are advised to implement the following countermeasures:

    * Exercise caution when opening e-mail attachments and clicking on links to web pages received from unknown sources.
    * Keep the operating system and application software up to date with patches and fixes.
    * Keep antivirus and antispyware signatures up to date.

For more information on aliases, visit: CERT-In