MX Lab started to intercept emails with the subject “Conflicker.B Infection Alert”. The trojan is named Win32:Bredolab-CC (Avast), Generic Dropper.lr (McAfee) or Trojan.Win32.Bredolab.Gen.2 (Sunbelt).
The from address is spoofed and can contain “Microsoft Team”. The email is signed by “Microsoft Windows Computer Safety Division” to make it appear that it is from Microsoft itself.
The email has the [...]
February 17, 2010
Categories: Viruses . Tags: Bredolab, Conflicker, trojan, virus . Author: mxlab . Comments: 1 Comment
MX Lab started to intercept emails with the subject “updated account agreement” that contain the Bredolab trojan. The campaign is designed for Facebook users because of the content. The email comes from a spoofed email address and contains “Facebook Team”.
The body of the email:
Dear Facebook user,
Due to Facebook policy changes, all Facebook users must submit [...]
February 10, 2010
Categories: Viruses . Tags: Bredolab, facebook, Malware, trojan, virus . Author: mxlab . Comments: Leave a Comment
MX Lab noticed an increase in intercepted Bredolab trojan variants that are spread by email. The Bredolab variants are distributed by different campaigns.
Do you like to find a girlfriend like me ?
One campaign has the subject “Do you like to find a girlfriend like me ?” and targets female singles in a certain way:
Wish to [...]
February 4, 2010
Categories: Viruses . Tags: Bredolab, Malware, trojan, virus . Author: mxlab . Comments: Leave a Comment
MX Lab intercepted several email messages with new Bredolab trojan variants in the traditional style: emails regarding the tracking of a parcel. We noticed new campaigns using the DHL and UPS tracking style. We will cover them both in this article at the same time.
The trojan is known as Trojan.Win32.Bredolab, Trojan-Downloader:W32/Bredolab.WI or TrojanDownloader:Win32/Bredolab.AB.
UPS Tracking Number
The [...]
January 19, 2010
Categories: Viruses . Tags: Bredolab, DHL tracking, Malware, trojan, UPS tracking, virus . Author: mxlab . Comments: 9 Comments
MX Lab detected a new virus campaign containing a new Bredolab variant. The campaign has the same characteristics as the Facebook Password Reset email campaign. The trojan is known as Win32:Bredolab-BL (Avast) or W32/Bredolab!Generic2 (F-Prot).
The email is sent from the spoofed address <confirmation@myspace.com> and has the subjects:
MySpace Password Reset Confirmation!
MySpace Password Reset Confirmation! Order NR.4648.
The number [...]
January 8, 2010
Categories: Viruses . Tags: Bredolab, Malware, myspace, MySpace virus, trojan, virus . Author: mxlab . Comments: Leave a Comment
MX Lab started to intercept new variants of Bredolab in emails regarding DHL parcel delivery problems. The emails come from the spoofed address Manager Youg Steward <parcel@dhl-usa.com> (the name is chosen randomly).
The body of the email:
Dear customer!
The courier company was not able to deliver your parcel by your address.
Cause: Error in shipping address.
You may pickup the [...]
December 7, 2009
Categories: Viruses . Tags: Bredolab, DHL tracking trojan, Malware, trojan, virus . Author: mxlab . Comments: 1 Comment
After relatively low virus detection for more than a week, MX Lab started to intercept a new virus outbreak of Bredolab in emails regarding a Western Union money transfer. The malware is named Bredolab.gen.a (McAfee), TrojanDownloader:Win32/Bredolab.X (Microsoft), Mal/Krap-B (Sophos) or Trojan.Bredolab!gen3 (Symantec).
The spoofed from address is in the form of Manager Ginger Patrick <customer@westernunion.com> where [...]
November 30, 2009
Categories: Viruses . Tags: Bredolab, Malware, trojan, virus, Western Union . Author: mxlab . Comments: 1 Comment
Apparently, the virus campaigns are far from over. MX Lab reported on this blog on the latest virus campaign, which would be an attempt to grow the Cutwail botnet by infecting new computer systems with new trojan variants launched every few days.
MX Lab now intercepts a new Facebook virus campaign from the spoofed address <automailer+gtevzolc@facebook.com> or [...]
November 7, 2009
Categories: Viruses . Tags: Bredolab, facebook, Facebook trojan, Malware, trojan, virus . Author: mxlab . Comments: 6 Comments
Several sources reported a surge of the Bredolab trojan in the middle of October, but MX Lab noticed a real increase on October 27th.
The following graph shows the virus detection from October 7th until November 5th (from right to left) with small peaks at the beginning of October while at the end the virus [...]
November 6, 2009
Categories: Viruses . Tags: botnets, Bredolab, Cutwail botnet, trojan, virus . Author: mxlab . Comments: 2 Comments
MX Lab intercepts a new W32/Bredolab!Generic trojan variant attached to emails from Western Union with instructions on how to receive the money transfer.
Possible subjects:
Western Union transfer is available for withdrawl.
Western Union. You should receive money transfer! Order 7909.
Senders:
<contact@westernunion.com>
<service@westernunion.com>
Content of the email:
Hello.
The amount of money transfer: 5887 USD.
Money is available to withdrawl.
You may find the [...]
November 6, 2009
Categories: Viruses . Tags: Bredolab, Malware, trojan, virus, Western Union trojan . Author: mxlab . Comments: 5 Comments