TrojanDownloader:Win32/Bradop.A
Posted: June 19, 2012
Threat Metric
The following fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change in a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 52 |
| First Seen: | June 19, 2012 |
| OS(es) Affected: | Windows |
TrojanDownloader:Win32/Bradop.A is the downloader component for a banking Trojan family that, like many others, focuses on stealing account logins from Brazilian banks. TrojanDownloader:Win32/Bradop.A is distributed by fraudulent e-mail messages that include embedded images with shortened links to TrojanDownloader:Win32/Bradop.A; after its launch, TrojanDownloader:Win32/Bradop.A will proceed with installing a second component that's responsible for stealing personal information. SpywareRemove.com malware researchers rank TrojanDownloader:Win32/Bradop.A and its relatives as high-level PC threats that should be removed with sophisticated anti-malware products, since TrojanDownloader:Win32/Bradop.A and its kin use multiple components and standard spyware techniques to avoid being detected while they steal account login data.
TrojanDownloader:Win32/Bradop.A: Just the Start of Your Problems if You're Too Careless with Your Clicks
As a Trojan that preferentially attacks Brazilian banks, TrojanDownloader:Win32/Bradop.A's e-mail-based messages also focus on Brazilian victims by including Portuguese text and references to Brazil-based organizations like Serasa. These messages include fake receipt images while claiming to offer information about a recent financial transaction, but the receipt image is merely the lure in which TrojanDownloader:Win32/Bradop.A hides its link. Once clicked, this link (which SpywareRemove.com security analysts have discovered to be shortened with a generic Bitly service) will install TrojanDownloader:Win32/Bradop.A. In some cases, a separate web page with some minor Brazilian content, such as news articles, will also be opened to distract you from the fact that your PC is being attacked.
TrojanDownloader:Win32/Bradop.A is responsible for both installing and automatically running a second component of its attack, TrojanSpy:Win32/Bradop.B. TrojanSpy:Win32/Bradop.B will attempt to monitor and steal information from Brazilian bank sites, e-mail accounts, social networking accounts and also accounts for some web domain hosts. SpywareRemove.com malware researchers encourage you to scan your PC to remove both TrojanDownloader:Win32/Bradop.A and TrojanSpy:Win32/Bradop.B, since neither is likely to be removed cleanly by normal software uninstallation. Afterwards, changing any potentially compromised passwords and other security information is also strongly recommended.
How You Can Keep TrojanDownloader:Win32/Bradop.A's Cadre of Spies Off of Your PC
Although reports of TrojanDownloader:Win32/Bradop.A in the wild have only been observed as of May 2012, TrojanDownloader:Win32/Bradop.A's e-mail messages have already been viewed tens of thousands of times, with an estimated installation success rate of just over sixty percent. In light of this, SpywareRemove.com malware researchers strongly encourage Brazilian PC users to be cautious about viewing or interacting with e-mail messages from unusual sources. As a cautionary tip, reputable financial organizations will never send links embedded in banner images or use file attachments, since these are common security hazards that TrojanDownloader:Win32/Bradop.A and other PC threats exploit for their own purposes.
While most of TrojanDownloader:Win32/Bradop.A's attacks are concerned with victimizing Brazilian bank customers, some aspects of TrojanDownloader:Win32/Bradop.A's payload can also attack non-Brazilian information, including Twitter, Hotmail and Gmail accounts. The presence of banking Trojans or associated PC threats like TrojanDownloader:Win32/Bradop.A should always be considered a danger to your computer until the situation is resolved via anti-malware software or a PC security expert.
Technical Details
File System Modifications
The following files were created in the system:

| File name | Size | MD5 | Detection count | File type | Mime type | Group | Last updated |
|---|---|---|---|---|---|---|---|
| file.exe | 77.31 KB (77312 bytes) | 803faf29657c89965818afb2c25b295c | 51 | Executable File | unknown/exe | Malware file | June 20, 2012 |
| fonghas.dmp | 76.8 KB (76800 bytes) | 4396dc30e1f01ca045d38c7230102327 | 50 | | unknown/dmp | Malware file | June 20, 2012 |
| file.exe | 163.15 KB (163152 bytes) | 2a255aa70b3c561871659c25efea8443 | 49 | Executable File | unknown/exe | Malware file | June 20, 2012 |
| wherd5.exe | 77.31 KB (77312 bytes) | 01ba0c8a3ed1bb9a3d76383003edfdbb | 48 | Executable File | unknown/exe | Malware file | June 20, 2012 |
| file.exe | 155.64 KB (155648 bytes) | 551bdaf25402b7a7ca93993b9f1195a7 | 47 | Executable File | unknown/exe | Malware file | June 20, 2012 |
| <system folder>\inf\machineusa.inf | | | | | unknown/inf | Malware file | |
| <system folder>\inf\machine1.inf | | | | | unknown/inf | Malware file | |
| <system folder>\inf\machinez.inf | | | | | unknown/inf | Malware file | |
| %Temp%\strFileDestVar1.cpl | | | | | unknown/cpl | Malware file | |
| %windir%\System32\rundll32.exe Shell32.dll,Control_RunDLL "%temp%\strFileDestVar1.cpl" | | | | | unknown/cpl | Malware file | |
| %windir%\<folder>\<file name> | | | | | | Malware file | |
Registry Modifications
The following registry entry was created:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "{Value}"
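As an added illustration (not code from the original page, SpyHunter or the malware itself), the following Python checks process-creation and registry events for the two execution and persistence indicators listed above: rundll32.exe running Shell32.dll,Control_RunDLL on a .cpl file in %Temp%, and a Run-key autostart value pointing into a temporary directory. The log events, the user profile path and the Run value names are constructed samples, not telemetry from the page.

```python
import re
from typing import Dict, List, Tuple

# Patterns derived from the indicators above: a Control Panel applet (.cpl)
# launched out of %Temp% via rundll32, and a Run-key entry pointing into Temp.
CONTROL_RUNDLL = re.compile(r"control_rundll", re.IGNORECASE)
TEMP_CPL = re.compile(r"(%temp%|\\temp\\)[^\"']*\.cpl", re.IGNORECASE)
RUN_KEY = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run$", re.IGNORECASE)
TEMP_PATH = re.compile(r"(%temp%|\\temp\\)", re.IGNORECASE)

# Constructed sample events (assumed field layout, loosely Sysmon-like).
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\rundll32.exe",
     "command_line": r'C:\Windows\System32\rundll32.exe Shell32.dll,Control_RunDLL "C:\Users\ana\AppData\Local\Temp\strFileDestVar1.cpl"'},
    # Benign: a stock applet launched from System32, not from a temp directory.
    {"type": "process", "image": r"C:\Windows\System32\rundll32.exe",
     "command_line": r"C:\Windows\System32\rundll32.exe Shell32.dll,Control_RunDLL C:\Windows\System32\timedate.cpl"},
    {"type": "registry", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "value": "updater", "data": r"C:\Users\ana\AppData\Local\Temp\wherd5.exe"},
    # Benign: an autostart entry under Program Files.
    {"type": "registry", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "value": "OneDrive", "data": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe /background"},
]


def check_event(ev: Dict[str, str]) -> List[str]:
    """Return the names of the detection rules that match one event."""
    hits: List[str] = []
    if ev.get("type") == "process":
        cmd = ev.get("command_line", "")
        image = ev.get("image", "").lower()
        # rundll32 + Control_RunDLL + a .cpl path inside a temp directory
        if image.endswith("rundll32.exe") and CONTROL_RUNDLL.search(cmd) and TEMP_CPL.search(cmd):
            hits.append("rundll32_cpl_from_temp")
    elif ev.get("type") == "registry":
        # Run-key value (HKLM or HKCU) whose data points into a temp directory
        if RUN_KEY.search(ev.get("key", "")) and TEMP_PATH.search(ev.get("data", "")):
            hits.append("run_key_points_to_temp")
    return hits


def scan(events: List[Dict[str, str]]) -> List[Tuple[int, str]]:
    """Return (event index, rule name) for every matching event."""
    return [(i, hit) for i, ev in enumerate(events) for hit in check_event(ev)]


if __name__ == "__main__":
    for idx, rule in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {rule}")
```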