
Win32/Bradop

Posted: June 19, 2012

Threat Metric

Threat Level: 8/10
Infected PCs: 31
First Seen: May 24, 2012
OS(es) Affected: Windows

Win32/Bradop is a family of banking Trojans that includes separate spyware and Trojan downloader components. Like Mal/Behav-130, Win32/Bancos or TSPY_BANKER.EUIQ, Win32/Bradop appears to predominantly target Brazil-based bank accounts and is distributed through spam e-mail. Unlike some similar PC threats, Win32/Bradop-based Trojans only require you to click on an embedded image, rather than download a file attachment, to be infected. In addition to harvesting Brazilian bank credentials, Win32/Bradop Trojans can also steal more broadly applicable data, such as Twitter and e-mail account information. Like all banking Trojans, Win32/Bradop and its relatives are extreme violations of your computer's privacy and safety, and SpywareRemove.com malware researchers encourage you to use suitable anti-malware software to detect and remove all components of a Win32/Bradop infection.

Win32/Bradop: Pretending to Restore Money for Its Heist

Win32/Bradop e-mail messages are written in Portuguese and pretend to be sent to clear up a financial debt, as part of a series of communications that was supposedly initiated by phone. Although Win32/Bradop e-mails even reference consumer protection, they have no interest in your protection: clicking the receipt image that's provided immediately results in contact with a Win32/Bradop installer (identified as TrojanDownloader:Win32/Bradop.A). SpywareRemove.com malware researchers also warn that this link isn't obviously malicious, since obfuscation techniques are used to conceal its web address.

Besides installing its banking Trojan, the downloader component of Win32/Bradop may also disable User Account Control (UAC) and open an unrelated Brazilian news web page to distract you from Win32/Bradop's installation process. Sadly, the features of the second half of a Win32/Bradop attack are even worse for your computer's security than these attacks, as explored later in this article.

When a Win32/Bradop Downloader Turns into a Spy

After its installation, Win32/Bradop's malicious Browser Helper Object (BHO) attaches itself to Internet Explorer and is detected as TrojanSpy:Win32/Bradop.B. This second half of Win32/Bradop uses screenshots and other methods to steal personal information, and SpywareRemove.com malware researchers note that the following sources are especially at risk:

  • Brazilian banks (Caixa Economica Federal, Banco do Brasil, Sicredi, etc.).
  • Credit card payment portals.
  • Domain hosting sites (such as Kinghost.net, Pachost.com.br and Hostnet).
  • E-mail and social networking accounts, including Gmail, Twitter, Hotmail and Globomail.
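
The two host changes described above, UAC being switched off and a Browser Helper Object being attached to Internet Explorer, can be reviewed with the read-only PowerShell check below. It is an added example, not part of the original article or of any vendor tool. The article gives no file names or CLSIDs for the BHO, so the script only lists what is registered, with each DLL's signature status, and does not identify Win32/Bradop by itself.

```powershell
# Added example, not from the original article. Read-only: it changes nothing.
# Run from a 64-bit Windows PowerShell prompt on the machine being checked.

function Get-UacState {
    # EnableLUA = 0 means User Account Control is switched off machine-wide.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $val = (Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    [pscustomobject]@{ EnableLUA = $val; UacOff = ($val -eq 0) }
}

function Get-IeBho {
    # Native and 32-bit (WOW6432Node) registration points for Internet Explorer BHOs.
    $sw = 'HKLM:\SOFTWARE'
    $views = @(
        @{ Bho = "$sw\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
           Cls = "$sw\Classes\CLSID" },
        @{ Bho = "$sw\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
           Cls = "$sw\WOW6432Node\Classes\CLSID" }
    )
    foreach ($v in $views) {
        if (-not (Test-Path -LiteralPath $v.Bho)) { continue }
        foreach ($k in Get-ChildItem -LiteralPath $v.Bho) {
            $clsid = $k.PSChildName
            $srv   = Join-Path $v.Cls "$clsid\InprocServer32"
            $dll   = $null
            if (Test-Path -LiteralPath $srv) {
                # The key's default value holds the path of the DLL that IE loads.
                $raw = (Get-Item -LiteralPath $srv).GetValue('')
                if ($raw) { $dll = ([string]$raw).Trim('"') }
            }
            $sig = 'Unresolved'   # no DLL path registered, or the file is not on disk
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $sig = [string](Get-AuthenticodeSignature -LiteralPath $dll).Status
            }
            [pscustomobject]@{ Clsid = $clsid; Dll = $dll; Signature = $sig }
        }
    }
}

$uac = Get-UacState
if ($uac.UacOff) { Write-Warning 'UAC is disabled (EnableLUA = 0).' }
# Review every entry; anything not 'Valid' is sorted to the top for a closer look.
Get-IeBho | Sort-Object { $_.Signature -eq 'Valid' } | Format-Table -AutoSize -Wrap
```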

Since Win32/Bradop has had a, frankly, astounding rate of success in its social networking attacks, SpywareRemove.com malware experts especially caution you to avoid clicking on suspicious e-mail links from messages that fit Win32/Bradop's e-mail template. Actual removal of Win32/Bradop should always be done with anti-malware programs that can detect all components of a Win32/Bradop infection. Because many Win32/Bradop-affiliated PC threats were only identified as of April 2012, be especially sure to update your anti-malware software if its threat database is older than this date.
