
Bedep

Posted: February 12, 2015

Threat Metric

Ranking: 5,922
Threat Level: 6/10
Infected PCs: 11,104
First Seen: January 22, 2015
Last Seen: October 17, 2023
OS(es) Affected: Windows

Bedep is a family of Trojan downloaders and botnet utilities that may install other threats, subvert your PC's system resources for other illicit activities, or generate fake advertising traffic. While members of Bedep can circulate by multiple means, some of the latest attacks verified by malware researchers traced Bedep to compromised advertising networks hosting Swifti, a Flash Trojan. In addition to the usual recommendations of using anti-malware products to detect and delete Bedep, you also may want to avoid using Internet Explorer, the sole browser vulnerable to Swifti's assaults.

The Depth of Bedep's Malware Rabbit Hole

Bedep is one of the many Trojans used, first and foremost, for installing other Trojans and threats. Bedep also may be connected to the exploitation of an infected PC's resources for creating fake advertisement traffic, or for initiating a backdoor connection with botnet servers that could launch coordinated, large-scale attacks. Some major threat families that malware researchers see Bedep installing include:

  • Zemot and Dofoil, two other types of Trojan downloaders. Zemot often installs sophisticated spyware, such as Zeus.
  • Ursnif, a spyware family that steals private information, including passwords and digital certificates.

While some unrelated Trojans, such as F0xy, prefer to 'hide in plain sight' by avoiding any code obfuscation, Bedep makes considerable use of encryption to protect itself from being detected. Bedep installs the payloads described above automatically, and is itself installed through similar automatic attacks that use Swifti.

Swifti was last seen circulating throughout compromised advertising networks hosted on legitimate websites, and uses a zero-day (or unpatched) Flash vulnerability to install Bedep. In theory, Swifti also could install more threats in addition to Bedep, or instead of it.

Since third parties can reconfigure their botnets for diverse purposes, other symptoms or ill effects from Bedep infections are unpredictable and may vary in terms of the consequential damage to your privacy or PC.

Blocking the Trojan that could be in Your PC in a Flash

Only Internet Explorer users are vulnerable to the current delivery methods used by Bedep and Swifti, although similar Flash-based attacks have been viable in other browsers. For PC users who refuse to switch browsers or block advertisements, disabling Flash may prove to be the most urgent priority until Adobe can release a security patch. Just like the threat-installing attacks originating from Bedep infections, the attacks that install Bedep Trojans are unlikely to display symptoms visible to casual inspection. Regular anti-malware scans are the preferable way to identify and remove Bedep or its payloads.

After dealing with Bedep, the integrity of your informational privacy also should be considered. Changing all passwords and other exploitable information stored on your computer isn't necessarily mandatory, but could prevent third parties from using Bedep's successes to conduct other attacks that hijack your accounts or cause other damage.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:




Registry Modifications

The following Registry values were newly created:

CLSID{2D349E57-23E4-4A67-9624-F1DC6B65AABF}{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}HKEY..\..\..\..{RegistryKeys}Software\Classes\Drive\ShellEx\FolderExtensions\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}

Additional Information

The following directories were created:
  • %ALLUSERSPROFILE%\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
  • %ALLUSERSPROFILE%\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
  • %ALLUSERSPROFILE%\{F66CB4EE-546F-4D54-9332-216DE189AAB0}