Bredolab.gen.a

Type: Trojan
SubType: Generic
Discovery Date: 08/20/2009
Length:
Minimum DAT: 5715 (08/20/2009)
Updated DAT: 5742 (09/15/2009)
Minimum Engine: 5.3.00
Description Added: 08/20/2009
Description Modified: 10/28/2009 8:49 AM (PT)
Risk Assessment
  Corporate User: Low-Profiled
  Home User: Low-Profiled

All Information

Overview

--Update on October 28, 2009--

The risk assessment of this threat has been updated to Low-Profiled due to media attention at:

http://www.eweek.com/c/a/Security/Facebook-Password-Spam-Conceals-Malware-Attack-635899/

Characteristics

Upon execution, Bredolab.gen.a copies itself to the following location:

C:\Documents and Settings\%user%\Start Menu\Programs\Startup\isqsys32.exe

Because the copy sits in the per-user Startup folder, it is launched at each logon of that user. The originally executed file then deletes itself, so the Startup copy is the artifact that remains on disk.

It contacts the following domain (partially redacted in this description):

mms*****system.ru
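The two indicators above (a fixed filename in the per-user Startup folder, and a partly redacted .ru domain) are enough for a simple host and DNS triage. The following is an added example, not McAfee's code or anything from the description: it matches a constructed list of Startup-folder entries and constructed DNS query log lines against those indicators. The log line format ("<timestamp> <host> QUERY <qname>") and all sample data are invented for the example, and the domain is handled as a glob because the page only gives it as mms*****system.ru.

```python
import fnmatch
import re

# Indicators as listed in the description. The domain is redacted on the page
# ("mms*****system.ru"), so it is treated as a glob pattern rather than an exact name.
DROPPED_FILE = "isqsys32.exe"
DOMAIN_GLOB = "mms*system.ru"

# Per-user Startup folder layout on Windows 2000/XP, the layout the description gives.
STARTUP_RE = re.compile(
    r"^[a-z]:\\documents and settings\\(?P<user>[^\\]+)"
    r"\\start menu\\programs\\startup\\(?P<name>[^\\]+)$",
    re.IGNORECASE,
)


def check_startup_entries(paths):
    """Return (user, path) for each Startup-folder entry named like the dropped file.

    Only the documented Startup location counts: the dropper deletes its original
    copy, so the Startup copy is the file that survives on disk.
    """
    hits = []
    for path in paths:
        m = STARTUP_RE.match(path)
        if m and m.group("name").lower() == DROPPED_FILE:
            hits.append((m.group("user"), path))
    return hits


def registered_domain(qname):
    """Reduce a query name to its last two labels (sufficient for a .ru second-level domain)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def check_dns_log(lines):
    """Return (timestamp, host, qname) for each query whose registered domain fits the glob.

    Log line format is constructed for this example: "<timestamp> <host> QUERY <qname>".
    Malformed lines are skipped rather than raising.
    """
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4 or parts[2] != "QUERY":
            continue
        ts, host, _, qname = parts[:4]
        if fnmatch.fnmatchcase(registered_domain(qname), DOMAIN_GLOB):
            hits.append((ts, host, qname.rstrip(".")))
    return hits


def suspects(paths, lines):
    """Sorted union of users holding the dropped file and hosts that resolved the C2 domain."""
    users = {u for u, _ in check_startup_entries(paths)}
    hosts = {h for _, h, _ in check_dns_log(lines)}
    return sorted(users | hosts)


# Constructed sample evidence (not real data).
SAMPLE_STARTUP_ENTRIES = [
    r"C:\Documents and Settings\alice\Start Menu\Programs\Startup\isqsys32.exe",
    r"C:\Documents and Settings\alice\Start Menu\Programs\Startup\desktop.ini",
    r"C:\Documents and Settings\bob\Start Menu\Programs\Startup\Notes.lnk",
    r"C:\WINDOWS\system32\isqsys32.exe",  # same name, not the documented location
]
SAMPLE_DNS_LOG = [
    "2009-09-15T10:02:11Z ws-alice QUERY mmsabcdesystem.ru.",
    "2009-09-15T10:02:12Z ws-alice QUERY www.mmsabcdesystem.ru.",
    "2009-09-15T10:03:00Z ws-bob QUERY update.microsoft.com.",
    "2009-09-15T10:04:00Z ws-carol QUERY systemmms.ru.",  # glob must anchor at "mms"
]

if __name__ == "__main__":
    for user, path in check_startup_entries(SAMPLE_STARTUP_ENTRIES):
        print(f"startup artifact for {user}: {path}")
    for ts, host, qname in check_dns_log(SAMPLE_DNS_LOG):
        print(f"{ts} {host} resolved {qname}")
    print("suspects:", suspects(SAMPLE_STARTUP_ENTRIES, SAMPLE_DNS_LOG))
```

The filename check is deliberately tied to the Startup path: a file called isqsys32.exe elsewhere is not what the description documents, and reporting it as this variant would be a guess. Matching on the registered domain rather than the full query name catches subdomain lookups of the same C2 domain while keeping the glob anchored at the "mms" prefix.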

Symptoms

Presence of the file listed above in the per-user Startup folder, and DNS lookups or connections to the domain listed above. No Registry keys are listed for this variant.

Method of Infection

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, email spam, etc.

Removal

All Users:
Use the current engine and DAT files (at least the Minimum Engine and Minimum DAT listed above) for detection and removal.

Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be removed when cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

    N/A