
Troj/Bredo-ZT

Posted: June 27, 2012

Threat Metric

Threat Level: 9/10
Infected PCs: 75
First Seen: June 27, 2012
Last Seen: December 13, 2022
OS(es) Affected: Windows

Troj/Bredo-ZT is a recently-discovered Trojan from the widespread Bredo family, and like many other Bredo-based Trojans, it uses mass-distributed e-mail messages as its favored delivery vehicle. E-mail spam messages that carry Troj/Bredo-ZT have, so far, limited themselves to templates that claim to be notifications about money wire transfers, with the corresponding file attachment presented as a Word document or another type of harmless file. However, the file attachment is actually a .zip archive that is detected as Troj/BredoZp-KQ until it is unzipped, at which point Troj/Bredo-ZT is installed. Since Troj/Bredo-ZT has shown some of the characteristics of a backdoor Trojan, including making contact with external IP addresses and altering the infected PC's Internet settings, SpywareRemove.com malware analysts recommend detecting and deleting Troj/Bredo-ZT with an anti-malware scanner with all possible expediency.

Troj/Bredo-ZT: a Faux Wire Transfer That's Giving You New Reasons to Distrust E-mail Attachments

While file attachments in e-mail messages are an extremely common means of distribution for various PC threats, Troj/Bredo-ZT appears to be content with re-treading this well-used path for propagation. Troj/Bredo-ZT e-mail spam is still ongoing as of late June 2012 and, thus far, always uses variants of a common 'money transfer' scam that claims your transfer was rejected. The message goes on to claim that all you need to do is open the included file attachment for more information, but this file is actually a mislabeled .zip archive (detected as Troj/BredoZp-KQ) that installs Troj/Bredo-ZT. SpywareRemove.com malware researchers have also seen similar attacks with other PC threats, particularly other Bredo Trojans such as Mal/BredoZp-B, Troj/Bredo-VV, Troj/Bredo-QI and Troj/Bredo-RK.

Headers for Troj/Bredo-ZT's e-mail messages can vary, but, at the time of this writing, always include a mention of a wire transfer. They may also include fake transaction reference numbers or tags that imply that these messages have been forwarded from another mailbox. Non-Windows computers can be considered immune to Troj/Bredo-ZT attacks even if they open the relevant file, since Troj/Bredo-ZT is specific to the Windows operating system (although these OSes may be attacked successfully by unrelated PC threats in a similar manner).

The Practical Results of Embracing Troj/Bredo-ZT's Wire Transfer Hoax

As a new Bredo variant, Troj/Bredo-ZT hasn't yet been completely analyzed, and SpywareRemove.com malware experts emphasize keeping all of your anti-malware programs updated if you want a good chance of detecting it either before or after installation. Nonetheless, functions of Troj/Bredo-ZT that have been confirmed include:

  • Unauthorized alterations of Windows components, including the Windows Registry.
  • Unauthorized changes to your Internet settings; this can make your PC unusually vulnerable to other attacks, up to and potentially including allowing criminals to access your computer through Command & Control servers.
  • The creation of fake Windows files (such as cmd.exe) that are used for malicious purposes.
  • Contact with remote IP addresses; Troj/Bredo-ZT may do this to transfer stolen information or to download and install other forms of hostile software.

Deleting Troj/Bredo-ZT e-mails on sight is the surest way to protect your computer from Troj/Bredo-ZT, and the SpywareRemove.com malware research team always encourages you to scan e-mail attachments before downloading them.
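The lure described above has a recognisable shape: wire-transfer phrasing in the subject or body, and a .zip attachment whose contents are a Windows executable rather than the promised document. The following Python script is an added example, not code from the original page or from SpywareRemove.com, showing how a mail gateway or triage script can check for that combination without ever running the attachment. The message it parses is constructed in the script itself (the "MZ" stub inside the archive is two header bytes plus padding, not a real executable); the attachment and member file names are taken from the file list on this page, while the sender, recipient, subject wording and the LURE_PHRASES list are assumptions.

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions Windows will execute directly; the lure on this page ships a .exe inside a .zip.
EXEC_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}
# Assumed phrases, modelled on the "rejected transfer" templates described above.
LURE_PHRASES = ("wire transfer", "money transfer", "transfer was rejected")


def build_sample_message(lure: bool = True) -> bytes:
    """Construct a demonstration .eml (not a real sample). With lure=True it mimics the
    rejected-wire-transfer template; with lure=False it is a harmless notes archive."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as zf:
        if lure:
            # Constructed stand-in for the payload: only the 'MZ' PE magic plus padding.
            zf.writestr("Wire_Transfer_N883273_Details.exe", b"MZ" + b"\x00" * 62)
        else:
            zf.writestr("notes.txt", b"agenda for Monday\n")
    msg = EmailMessage()
    msg["From"] = "payments@example.invalid"
    msg["To"] = "user@example.invalid"
    if lure:
        msg["Subject"] = "Fwd: Wire Transfer rejected, ref N883273"
        msg.set_content("Your transfer was rejected. Open the attached document for details.")
        filename = "Transaction_N48823.zip"
    else:
        msg["Subject"] = "Meeting notes"
        msg.set_content("Notes attached.")
        filename = "notes.zip"
    msg.add_attachment(archive.getvalue(), maintype="application",
                       subtype="zip", filename=filename)
    return msg.as_bytes()


def inspect_zip(data: bytes) -> list:
    """List archive members and flag those that look executable by name or by PE magic."""
    members = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                lower = info.filename.lower()
                ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
                with zf.open(info) as fh:
                    magic = fh.read(2)  # read only the header, never the whole payload
                members.append({
                    "member": info.filename,
                    "executable_extension": ext in EXEC_EXTENSIONS,
                    "pe_magic": magic == b"MZ",
                })
    except zipfile.BadZipFile:
        members.append({"member": None, "error": "not a valid zip archive"})
    return members


def triage_message(raw: bytes) -> dict:
    """Parse a raw RFC 822 message and decide whether it fits the lure + executable pattern."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    subject = (msg["Subject"] or "").lower()
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body is not None else ""
    lure = any(p in subject or p in text for p in LURE_PHRASES)

    attachments = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        entry = {"filename": part.get_filename(), "size": len(payload), "members": []}
        if payload.startswith(b"PK\x03\x04"):  # zip local file header signature
            entry["members"] = inspect_zip(payload)
        attachments.append(entry)

    executable_inside = any(m.get("pe_magic") or m.get("executable_extension")
                            for a in attachments for m in a["members"])
    return {"lure_phrasing": lure, "attachments": attachments,
            "verdict": "quarantine" if lure and executable_inside else "allow"}


if __name__ == "__main__":
    print(triage_message(build_sample_message(lure=True))["verdict"])   # quarantine
    print(triage_message(build_sample_message(lure=False))["verdict"])  # allow
```

The check looks inside the archive rather than trusting the attachment's declared type or name, because the page notes the .zip is presented as a harmless document. Reading only the first two bytes of each member keeps the triage cheap and avoids inflating a large or hostile archive.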

Technical Details

File System Modifications


The following files were created in the system:

File name: file.exe
Size: 79.87 KB (79872 bytes)
MD5: aaf1b4500c6443ab9b52e55bc21f2266
Detection count: 54
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 28, 2012

File name: file.exe
Size: 82.79 KB (82798 bytes)
MD5: 8e6bf45bbdfbbd5d4082f8bbc8a236a0
Detection count: 53
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 28, 2012

File name: file.exe
Size: 82.21 KB (82214 bytes)
MD5: 40eac511eb5e5d9b71e768d3d3d25602
Detection count: 52
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 28, 2012

File name: Transaction_N48823.zip
Size: 57.67 KB (57677 bytes)
MD5: a3f5df415903a755a7f385a238d53b8e
Detection count: 41
Mime Type: unknown/zip
Group: Malware file
Last Updated: June 28, 2012

File name: Wire_Transfer_N883273_Details.exe
Size: 94.2 KB (94208 bytes)
MD5: a0fb84626eb64b273cdaf802dd09451e
Detection count: 38
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 28, 2012
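The file list above gives an MD5 and an exact byte size for each dropped file, which is enough to sweep a machine or a mail quarantine for these specific samples. The Python script below is an added example, not code from the original page or from SpywareRemove.com: it copies the five MD5/size pairs from the list into an indicator table, uses the sizes as a cheap prefilter so that only candidate files are hashed, and reports any match. The demo() function writes a constructed file with a constructed indicator into a temporary directory, because real samples are not available here; the directory layout, the benign file and the constructed indicator are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

# Indicators copied from the file list above: MD5 -> (listed file name, exact size in bytes).
KNOWN_FILES = {
    "aaf1b4500c6443ab9b52e55bc21f2266": ("file.exe", 79872),
    "8e6bf45bbdfbbd5d4082f8bbc8a236a0": ("file.exe", 82798),
    "40eac511eb5e5d9b71e768d3d3d25602": ("file.exe", 82214),
    "a3f5df415903a755a7f385a238d53b8e": ("Transaction_N48823.zip", 57677),
    "a0fb84626eb64b273cdaf802dd09451e": ("Wire_Transfer_N883273_Details.exe", 94208),
}


def match_bytes(data: bytes, indicators: dict = KNOWN_FILES):
    """Return the indicator entry whose MD5 matches `data`, or None."""
    digest = hashlib.md5(data).hexdigest()
    hit = indicators.get(digest)
    if hit is None:
        return None
    name, size = hit
    return {"md5": digest, "listed_name": name,
            "listed_size": size, "actual_size": len(data)}


def scan_tree(root, indicators: dict = KNOWN_FILES) -> list:
    """Walk `root`; hash only files whose size equals a listed size, then compare the MD5.
    The size prefilter is sound because identical content always has identical size."""
    sizes = {size for _name, size in indicators.values()}
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            if path.stat().st_size not in sizes:
                continue
            hit = match_bytes(path.read_bytes(), indicators)
        except OSError:
            continue  # unreadable or vanished file: skip, do not abort the sweep
        if hit is not None:
            hit["path"] = str(path)
            hits.append(hit)
    return hits


def demo() -> list:
    """Self-contained run on constructed data (no real malware is written to disk):
    one constructed file registered as an extra indicator, one benign file."""
    sample = b"constructed sample content, not malware\n" * 16
    indicators = dict(KNOWN_FILES)
    indicators[hashlib.md5(sample).hexdigest()] = ("constructed.bin", len(sample))
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "constructed.bin").write_bytes(sample)
        (Path(tmp) / "benign.txt").write_bytes(b"hello")
        return scan_tree(tmp, indicators)


if __name__ == "__main__":
    for hit in demo():
        print(hit["path"], "matches", hit["listed_name"], hit["md5"])
```

A hash match confirms a known sample; the absence of a match proves nothing, since a repacked or recompiled Bredo dropper has a different MD5 and size, so this sweep complements rather than replaces an updated anti-malware scanner. MD5 is used only because that is the digest the page publishes.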