« previous next »
Pages: [1]   Go Down

Author Topic: Bredolab  (Read 4422 times)

0 Members and 1 Guest are viewing this topic.

May 24, 2010, 06:27:29 pm
Read 4422 times

Garlando

  • Full Member
  • Offline
  • ***
  • 40
Bredolab
This may be a stupid question

But what is the special about Bredolab, does it have anything out of the ordinary?
I see that there is plenty of analysis papers of it but as far as understand it's nothing but a simple downloader (no firewall bypassing, etc)?

So why is there so many writeups about it?
Logged
May 24, 2010, 06:34:35 pm
Reply #1

SysAdMini

  • Administrator
  • Hero Member
  • Offline
  • *****
  • 3335
Re: Bredolab
I don't think there is anything special about it.

Anyway, I would like to see those writeups.  :)

Please post some urls.
Logged
Ruining the bad guy's day
May 24, 2010, 06:45:55 pm
Reply #2

RichardW

  • Newbie
  • Offline
  • *
  • 2
Re: Bredolab
Its kind of a generic label.  Some versions of Bredolab are associated with Bugat, which is distributed by the Zeus Botnet.  The significance of it is that hardly any antiviruses can detect it and it can use https for its c&c as well as a socks proxy.  It monitors for ach transactions and steals various account credentials such as pop3.

Its nasty.
Logged
May 24, 2010, 07:59:07 pm
Reply #3

Garlando

  • Full Member
  • Offline
  • ***
  • 40
Re: Bredolab
Quote from: SysAdMini on May 24, 2010, 06:34:35 pm
I don't think there is anything special about it.

Anyway, I would like to see those writeups.  :)

Please post some urls.

http://blog.threatfire.com/category/bredolab
http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/bredolab_final.pdf

i saw it had some connections with the pushdo botnet maybe thats why it has been written about it
Logged
Pages: [1]   Go Up
« previous next »