Results for bredolab

Industry Trends

Partnerships Vital In Cybercrime Crackdowns

For most organizations, regardless of industry, forming strategic partnerships is critical to achieving objectives. In the case of security organizations, partnerships are vital for better sharing and disseminating threat information, disrupting malware, and tracking down cybercriminals and handing them over to the appropriate law enforcement channels for prosecution. The FortiGuard team at Fortinet, for example, has partnerships with organizations such as VirusTotal, an independent online service that analyzes files and URLs in an effort to aid the...

By Stefanie Hoffman, May 17, 2012

Threat Research

API Resolution in W32/Bredolab.AC!tr.dldr

In-depth analysis of malware shows different methods of obfuscating its code. Malware employs different tactics to hide itself and make analysis harder. It also dynamically loads the functions it will be using. Those functions, more often called APIs (Application Programming Interfaces), are commonly loaded when we run an application. Malware authors also use dynamic function loading to let the malware adapt to different operating systems: it allows their program to run on Windows XP, Vista, Windows 7 or other platforms. Common practice...

By Raul Alvarez, March 01, 2010

Threat Research

December 2009 Threat Landscape: Bredolab dominant, threats well positioned for 2010

Overall malware volume returned to pre-October levels this period, after two months of record activity driven by ZBot, Bredolab and Pushdo/Cutwail. Nonetheless, the Bredolab loader returned to the top spot with a vengeance this period, accounting for a whopping 66.5% of total detected malware activity. As we have seen time and time again, these attack campaigns typically do not last longer than a couple of days, but can return quickly in mass volume. The seeding engines (largely the Cutwail spamming trojan) behind Bredolab certainly have a lot...

By Derek Manky, December 28, 2009

Threat Research

John Doe's Credentials

Since my last post on Jane Doe and Bredolab, John has been slightly jealous of her fame. He told me that he too, as manager of the returned material service, was dealing with plenty of parcels and that he could have been the perfect target. As I was curious to see what a genuine shipment company e-mail looked like (to compare it with Bredolab), I asked him if I could have a quick look at his mailbox. I had hardly started reading his e-mails when I ran into one that immediately made me start. For those of you who do not speak French, I have...

By Axelle Apvrille, November 16, 2009

Threat Research

Targeted Spam: An Unfair Blow to Security

Today, I feel like telling you a true story that happened at Fortinet, the story of Jane Doe. Jane Doe works for Human Resources at the reception desk, so she is used to receiving lots of mail, UPS or DHL parcels for the company. Some time ago, Jane received an e-mail from DHL, notifying her that they had been unable to deliver a parcel (see figure below). She handles plenty of DHL parcels every day; consequently, she did not give this e-mail any particular attention and, quite absent-mindedly, tried to open the attachment. Fortunately, she did...

By Axelle Apvrille, November 05, 2009