Security Response

Trojan.Bredolab is Making Yet Another Comeback.

Created: 27 Oct 2009 11:19:47 GMT • Updated: 23 Jan 2014 18:31:47 GMT
Shunichi Imano
Security Response is aware of a new round of spam that replaces the old DHL and UPS themes in an attempt to spread Trojan.Bredolab.

Taking a Closer Look at Trojan.Bredolab
Bredolab Delivers More Parcels and Cash
 

This time the email is masquerading as a notification from Facebook that the recipient’s password has been reset.

The message comes with a .zip file containing a malicious .exe file. Symantec detects the .exe files as Trojan.Bredolab.

This variant of Bredolab connects to a Russian domain, and the infected machine most likely becomes part of a Bredolab botnet.
 
Please keep your Symantec security product definition files up-to-date.