Your Computer is Infected!, Probably Because of that Bredolab Attachment

Last week’s Bredolab post described the downloader’s ongoing email blasts and the static and dynamic characteristics of the malicious injector/downloader. Here are a few more screenshots of the moneymaker payload. The payload currently is the rogueware/scareware “PC AntiSpyware 2010”, which has also been distributed in a number of other ways over the past few months.

First off, users are prompted with the all-too-familiar, inaccurate and scary taskbar balloon “Your Computer is Infected! Windows has detected spyware infection!”.

The software then pops up an attractive dialog that appears to scan the drive and find infections. By the time this screenshot was taken it had already reported 34 bogus infections on our clean lab machine:

Even on our clean lab system, the user is also prompted with a series of phony malware detections. This one appears to be “Email-Worm.JS.Gigger”, which they claim can “reformat the user’s hard disk after reboot”:

A registration page will eventually pop up, which redirects the user to a page to register the software for a “Lifetime Software License – 89.95 USD One Time Charge”.

The home page for the site includes a set of supposed “Testimanials” and a list of award logos that they have never achieved:

This site’s installer, “installer2.exe”, is served up from a site hosted in London:

As warned in the previous post, always be suspicious of attachments that arrive via email and of software delivered from web sites that don’t seem trustworthy, and add a behavioral layer of protection to your system.


2 Responses to Your Computer is Infected!, Probably Because of that Bredolab Attachment

  1. leinad_elyag@windstream.net says:

    I installed 'Threatfire' (free) about 2 hours ago, and set my preferences. NOW, I cannot bring up any of my programs on the desktop. When I click on an icon NOTHING happens!!! I cannot get into 'add or remove programs' to remove it from my computer. I can't use any add-ons on Firefox. Anyway, can somebody show me how to get rid of Threatfire? It will NOT let me open system recovery to get to the area where I can reset my computer to a different date. HELP

  2. ThreatFire Blogger says:

    Hi Leinad,

    Sorry to see that you are having what appears to be an extraordinary problem. We'd like to see you helped, but this blog is not our support forum. Our support guys are responsive on our forum; please post a description of the problem here:


