Bredolab Virus found to Spread through Fake Amazon Spam Message

Posted: May 20, 2010

A new malicious Bredolab attack is using fake emails which look like order-confirmation messages from Amazon to spread onto computers.

The attached document contains a corrupt file, which installs a new Trojan from the notorious Bredolab family. The email claims that "Your order has been paid! Parcel NR:58588-691" and arrives from refrigeratorser22@rokulabs.com, which is a spoofed address. The messages are signed by a fake Amazon employee named Vaughn Montes.

The spam email reads:

"Dear Sirs, Thank you for shopping at Amazon.com! We have successfully received your payment. Your order has been shipped to your billing address. You have ordered ' Sony Bravia S1452 ' You can find your tracking number in attached to the email document. Print the postal label to get your package. We hope you enjoy your order!"

The Trojan has been detected under various aliases, which include Trojan.Generic.Bredolab.3232 (ClamAV), W32/VBcrypt.E.gen!Eldorado (Eldorado), W32/VBcrypt.E.gen!Eldorado (F-Prot) and Heuristic.BehavesLike.Win32.Downloader.H (McAfee-GW-Edition). It operates in the background, and detection is difficult with a malware remover that has not been updated.

The emails have a .zip archive called Amazon_label_N-322-552.zip attached, but the digits can differ with each message. The file archive contains a file called Amazon_label_N-322-552.DOC.exe, which uses a fake Microsoft Word icon to con users into believing it is legitimate.
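A mail filter can catch this lure by looking inside .zip attachments for members whose name ends in a document extension followed by an executable one. The following is an added example, not code from the original article; the extension lists and function names are assumptions, and the sample message is constructed with harmless placeholder bytes under the file names reported above.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists: extensions Windows runs directly, and document-like decoys.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt", ".jpg"}


def is_double_extension(name: str) -> bool:
    """True for names like 'label.DOC.exe': a decoy extension, then an executable one."""
    parts = name.lower().rsplit("/", 1)[-1].split(".")
    return (len(parts) >= 3 and "." + parts[-1] in EXECUTABLE_EXTS
            and "." + parts[-2] in DECOY_EXTS)


def suspicious_zip_members(raw_email: bytes) -> list[tuple[str, str]]:
    """Return (attachment, member) pairs for double-extension files in .zip attachments."""
    findings = []
    msg = message_from_bytes(raw_email, policy=policy.default)
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue  # not an archive; nothing to enumerate
        with zipfile.ZipFile(io.BytesIO(payload)) as archive:
            for member in archive.namelist():
                if is_double_extension(member):
                    findings.append((filename, member))
    return findings


def build_sample_email() -> bytes:
    """Constructed sample: placeholder bytes under the file names the article reports."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Amazon_label_N-322-552.DOC.exe", b"placeholder, not a real binary")
    msg = EmailMessage()
    msg["From"] = "refrigeratorser22@rokulabs.com"
    msg["Subject"] = "Your order has been paid! Parcel NR:58588-691"
    msg.set_content("Constructed test body.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Amazon_label_N-322-552.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for attachment, member in suspicious_zip_members(build_sample_email()):
        print(f"{attachment}: {member} hides an executable behind a document extension")
```

Because the digits in the file name differ with each message, the check keys on the extension pattern rather than on the exact name.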

The Trojan is capable of downloading malicious files or applications onto the compromised machine on its own. After installation, the parasite can install other malware, and the unknown applications it executes can cause further damage. The virus may also come packed with a keylogger to steal personal data from the targeted PC. Passwords, banking details and private documents are all under threat once this Trojan gains access to the computer.

Symptoms of this infection may include your screen flashing and flipping upside down. The disappearance of files and documents also occurs when this Trojan is active. It also has the ability to add corrupt files and folders to the registry.

Do not be fooled. Use a reliable spyware remover to detect and remove this dangerous parasite from your computer.
