Security Response

Taking a Closer Look at Trojan.Bredolab

Created: 14 Oct 2009 11:25:26 GMT • Updated: 23 Jan 2014 18:32:11 GMT
Author: Gilou Tenebro

Trojan.Bredolab is a threat that has been distributed widely and consistently this year. This research paper takes a closer look at the Trojan to discover how it works, why it’s so widespread, and the motivations behind it.

In short, Bredolab is distributed by spam emails and drive-by-download attacks. (In fact, last month we blogged about a wave of spam emails used to distribute it.) Once it’s on a computer, Bredolab downloads and installs a variety of other threats. This process is outlined in the following diagram.
 
bredo_attacks_BN.jpg

We have seen Bredolab downloading password stealers, bots, rootkits, backdoors, and misleading applications. Some of the well-known threats that Trojan.Bredolab has been observed downloading are shown in the following table.

[Table: well-known threats observed being downloaded by Trojan.Bredolab (Table4Blog.jpg)]
The paper outlines the different attack vectors and social engineering techniques that Bredolab uses to install itself, analyzes the encrypted communication it uses, and exposes the protections it incorporates to deter analysis. For full information about the threat, how it operates, and what its motivations are, be sure to check out the research paper.