Author Topic: Bredolab  (Read 2759 times)

0 Members and 1 Guest are viewing this topic.

May 24, 2010, 06:27:29 pm
Read 2759 times

Garlando

  • Full Member

  • Offline
  • ***

  • 40
This may be a stupid question

But what is the special about Bredolab, does it have anything out of the ordinary?
I see that there is plenty of analysis papers of it but as far as understand it's nothing but a simple downloader (no firewall bypassing, etc)?

So why is there so many writeups about it?

May 24, 2010, 06:34:35 pm
Reply #1

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
I don't think there is anything special about it.

Anyway, I would like to see those writeups.  :)

Please post some urls.
Ruining the bad guy's day

May 24, 2010, 06:45:55 pm
Reply #2

RichardW

  • Newbie

  • Offline
  • *

  • 2
Its kind of a generic label.  Some versions of Bredolab are associated with Bugat, which is distributed by the Zeus Botnet.  The significance of it is that hardly any antiviruses can detect it and it can use https for its c&c as well as a socks proxy.  It monitors for ach transactions and steals various account credentials such as pop3.

Its nasty.

May 24, 2010, 07:59:07 pm
Reply #3

Garlando

  • Full Member

  • Offline
  • ***

  • 40
I don't think there is anything special about it.

Anyway, I would like to see those writeups.  :)

Please post some urls.

http://blog.threatfire.com/category/bredolab
http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/bredolab_final.pdf

i saw it had some connections with the pushdo botnet maybe thats why it has been written about it