Malware Domain List

Malware Related => Malware Analysis => Topic started by: Garlando on May 24, 2010, 06:27:29 pm

Title: Bredolab
Post by: Garlando on May 24, 2010, 06:27:29 pm
This may be a stupid question

But what is special about Bredolab? Does it have anything out of the ordinary?
I see that there are plenty of analysis papers on it, but as far as I understand it's nothing but a simple downloader (no firewall bypassing, etc.)?

So why are there so many writeups about it?
Title: Re: Bredolab
Post by: SysAdMini on May 24, 2010, 06:34:35 pm
I don't think there is anything special about it.

Anyway, I would like to see those writeups.  :)

Please post some urls.
Title: Re: Bredolab
Post by: RichardW on May 24, 2010, 06:45:55 pm
It's kind of a generic label. Some versions of Bredolab are associated with Bugat, which is distributed by the Zeus botnet. The significance of it is that hardly any antiviruses can detect it, and it can use HTTPS for its C&C as well as a SOCKS proxy. It monitors for ACH transactions and steals various account credentials such as POP3.

It's nasty.
Title: Re: Bredolab
Post by: Garlando on May 24, 2010, 07:59:07 pm
I don't think there is anything special about it.

Anyway, I would like to see those writeups.  :)

Please post some urls.

http://blog.threatfire.com/category/bredolab
http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/bredolab_final.pdf

I saw it had some connections with the Pushdo botnet; maybe that's why so much has been written about it.