- This malware has the capability to copy itself into the system files and execute itself
- It is in the Top 5 in Austria, Poland and Turkey, and in the Top 10 in Bulgaria, the United Kingdom and Sweden
- Less experienced users are advised not to open unknown or suspicious attachments or files
Win32/TrojanDownloader.Bredolab.AA is a newcomer on the list of global infiltrations. It gets onto the PC by exploiting Adobe applications through malicious PDF and SWF files delivered over the internet. User activity is required here: the trojan activates itself only after the user opens an infected PDF or SWF file.
This kind of malware has the capability to copy itself into the system files and execute itself at every boot-up. At the same time, it establishes communication with a remote server via the HTTP protocol. In other words, once this trojan horse is in the PC system, its only mission is to download additional malware, especially adware, spyware or other threats, from various servers and places on the internet. The malware portfolio that the trojan horse downloads onto the infected PC is wide, ranging from bots to downloaders and stealers of passwords and other valuable data. There have been cases in which the Bredolab trojan was itself downloaded by other downloaders, members of the Win32/TrojanDownloader.FakeAlert family, so there is a connection to rogue antivirus as well.
According to the ESET ThreatSense.Net June report, the Bredolab trojan is the topmost threat in the Czech Republic and Slovakia. In other European countries the trojan also scores high in the infiltration ranking: it is in the Top 5 in Austria, Poland and Turkey; in the Top 10 in Bulgaria, the United Kingdom, Sweden, Belgium, Russia and Germany; in the Top 20 in Ukraine and Italy; and in the Top 40 in Ireland and France.
Win32/TrojanDownloader.Bredolab.AA is still a top threat with rising potential in Poland, Sweden and Turkey, and with significant growth in Ireland, where it went from the Top 40 to the Top 15.
The Bredolab trojan is considered dangerous because of the variety of malware it is capable of downloading onto the user's computer. This could include, for example, hard-to-remove kinds of malware, so prompt removal of Bredolab from the computer is needed. Because it enters the computer system through PDF or SWF files, ESET recommends that less experienced users do not open unknown or suspicious attachments in e-mail and always remain cautious while surfing the web.
Chart: Spread of Win32/TrojanDownloader.Bredolab.AA according to ESET ThreatSense.Net® (in % of all detected threats). *Data for July 1-13.
About ESET
Founded in 1992, ESET is a global provider of security solutions for enterprises and consumers. ESET is a market leader in proactive detection of malware. Thanks to its ThreatSense.Net® technology, it is able to collect data on a volunteer basis from users all around the world, allowing it to react flexibly to emerging threats. Its ESET NOD32 Antivirus has been ranked by the independent AV-Comparatives testing lab as the best antivirus product worldwide (2006, 2007). ESET has offices in Bratislava, SK; San Diego, USA; Prague, Czech Republic; Buenos Aires, Argentina; and has an extensive partner network in 160 countries. In 2008, ESET opened a new research center in Krakow, Poland. ESET was named to Deloitte's Technology Fast 500 as one of the fastest-growing technology companies in the Europe, Middle East and Africa region.
About ThreatSense.Net®
ThreatSense.Net® collects anonymous statistical information packets about the types of infiltrations detected on users' workstations. Thanks to this information, the ESET Virus Lab has real-time access to accurate and relevant information about the most widespread infiltrations. The infiltrations detected by heuristic analysis are then tabulated, and an update against the malware is issued before it can spread or mutate into a different variant.