
Troj/BredoZp-GY

Posted: December 6, 2011

Threat Metric

Ranking: 6,228
Threat Level: 1/10
Infected PCs: 4,106
First Seen: December 6, 2011
Last Seen: October 8, 2023
OS(es) Affected: Windows

Troj/BredoZp-GY is a new variant of Keylogger Zeus (also known as the Zeus Trojan or Win32/Zbot) that steals bank-related financial information from any PC that it infects. This latest version of Zeus spreads through e-mail messages disguised as Adobe product updates, although, if you avoid touching Troj/BredoZp-GY's file attachment, your PC should be safe. As of early December 6th, 2011, many PC security brands have only very recently created a definition for Troj/BredoZp-GY, and you should update your anti-malware software to maximize the possibility of stopping a Troj/BredoZp-GY attack before it can start. However, symptoms of a Troj/BredoZp-GY infection may not be very visible or even present at all, and SpywareRemove.com malware researchers note that warnings from your anti-malware products may be the only signs of a Troj/BredoZp-GY infection after installation.

Troj/BredoZp-GY - the Latest from Hackers Rather Than Adobe Software

Although other variants of Zeus are distributed in a multitude of ways, Troj/BredoZp-GY is, so far, consistent in its use of fake Adobe e-mail to distribute itself to hapless computers. This e-mail uses basic e-forgery techniques to make it look as though the message is an Adobe software update for their Acrobat Reader and Advanced Suite, but the announced features, as well as the update itself, can safely be considered fraudulent. Because this method of propagation requires you to download and install the file attachment for Troj/BredoZp-GY of your own free will, SpywareRemove.com malware researchers are glad to note that you can easily trash the guilty e-mail and go on about your business in perfect safety.

The following sample of Troj/BredoZp-GY's e-mail template is also provided for easy identification:

Subject: Adobe Software Upgrade Notification ID: [Randomized numbers]

Hello Dear,

Adobe is pleased to announce new version upgrades for Adobe Acrobat Reader and Adobe X Suite Advanced features include:

- Collaborate across borders
- Create rich, polished PDF files from any application that prints
- Ensure visual fidelity
- Encrypt and share PDF files more securely
- Use the standard for document archival and exchange

To upgrade and enhance your work productivity today please open attached file.

Copyright 2011 Adobe Systems Incorporated. All rights reserved.
TrackNum: [Randomized reference numbers]

Adobe Systems Incorporated,

File Attachment: AdobeSystems-Software_Critica Update Dec_2011-[Random].zip

Why Nothing is Safe Once Troj/BredoZp-GY Gets Inside

However, if you do install this fake update, your PC will be infected by Troj/BredoZp-GY and suffer the concealed-but-deadly consequences of this banking Trojan's presence. Troj/BredoZp-GY and other variants of Keylogger Zeus prefer to steal bank-related information, but may also use general spyware techniques, such as keyboard input-monitoring (AKA keylogging), to steal other forms of info. You should remove Troj/BredoZp-GY as soon as you realize Troj/BredoZp-GY is on your PC, but use competent anti-malware applications for this task. Afterwards, you may want to speak with your bank about taking extra steps to make sure that your identity, account or finances will not be compromised by the Troj/BredoZp-GY attack.

Troj/BredoZp-GY's presence may be detected by minor system changes, such as:

  • Excessive memory use from certain file processes.
  • Normal Windows processes that are duplicated or misspelled.
  • Unauthorized changes to the Windows Registry.
  • Worsened system performance and/or general software sluggishness.

Because these signs of Troj/BredoZp-GY attacks are subtle, SpywareRemove.com malware researchers recommend that you assume that Troj/BredoZp-GY is active on any potentially-infected PC, and take appropriate precautions.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: AdobeSystems-Software_Critica Update_Dec_2011-OHQD49W.zip
Size: 199.94 KB (199941 bytes)
MD5: 730981f0fdc9f9e607003407b1178508
Detection count: 76
Mime Type: unknown/zip
Group: Malware file
Last Updated: December 9, 2011

File name: Adobe Systems Software Critical Update Dec 2011.exe
Size: 205.31 KB (205312 bytes)
MD5: 52b0e4177c20b6df8d7b502a474f4a7e
Detection count: 75
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 9, 2011

File name: AdobeSystems-Software_Critica Update_Dec_2011-4FLO1UW.zip
Size: 199.92 KB (199929 bytes)
MD5: 4d9640bf26e54efcaba882eed987c07a
Detection count: 73
Mime Type: unknown/zip
Group: Malware file
Last Updated: December 9, 2011
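
A mail-gateway triage check built from the indicators on this page (the subject line, the attachment naming and the MD5 values), given as an added example and not SpywareRemove.com's own tooling. The function names, the 10 MiB member cap and the sample message are assumptions constructed for illustration; the archive is inspected in memory and never extracted.

```python
import hashlib, io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from this page; digits for the ID follow "[Randomized numbers]".
SUBJECT_RE = re.compile(r"^Adobe Software Upgrade Notification ID:\s*\d+", re.I)
# The template and the file list differ (space vs. underscore before "Dec"): accept both.
ATTACH_RE = re.compile(r"^AdobeSystems-Software_Critica[ _]Update[ _]Dec_2011-\w+\.zip$", re.I)
KNOWN_MD5 = {"730981f0fdc9f9e607003407b1178508", "52b0e4177c20b6df8d7b502a474f4a7e",
             "4d9640bf26e54efcaba882eed987c07a"}
MAX_MEMBER = 10 * 1024 * 1024  # assumption: skip hashing members that declare over 10 MiB

def inspect_zip(data):
    """Flag executables and known hashes inside a ZIP, in memory, without extracting."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.filename.lower().endswith(".exe"):
                    hits.append("exe-in-zip")
                if info.file_size <= MAX_MEMBER:
                    if hashlib.md5(zf.read(info)).hexdigest() in KNOWN_MD5:
                        hits.append("known-md5")
    except (zipfile.BadZipFile, RuntimeError):
        pass  # not a ZIP, corrupt, or password-protected: keep what was found so far
    return hits

def triage(raw):
    """Return the indicators from this page that a raw e-mail message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = ["subject"] if SUBJECT_RE.search(str(msg.get("Subject", ""))) else []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if ATTACH_RE.match(part.get_filename() or ""):
            hits.append("attachment-name")
        if hashlib.md5(data).hexdigest() in KNOWN_MD5:
            hits.append("known-md5")
        hits += inspect_zip(data)
    return hits

def build_sample(subject, filename):
    """Constructed test message; placeholder bytes stand in for the executable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Adobe Systems Software Critical Update Dec 2011.exe", b"placeholder")
    msg = EmailMessage()
    msg["Subject"], msg["To"] = subject, "user@example.invalid"
    msg.set_content("To upgrade please open attached file.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=filename)
    return msg.as_bytes()
```

The "exe-in-zip" signal does not depend on this campaign's wording, so it still fires when the subject and file name are changed.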