Music with a Bit of Bredolab, Please!

You ordered music, but you got a Trojan. What kind of business is this?



Malware bundled with spam is usually scarce compared to the “regular junk mail” we process here at BitDefender, but things go a little differently around the holidays. Last week I reported on the Facebook password reset stunt; today’s campaign uses a pinch of social engineering to trick you into popping open an infected attachment.

So, here it comes:

In your inbox there’s a new message waiting for you. If you have ever purchased anything via the web, then you’re probably familiar with its content – so familiar that a sudden urge of curiosity might hook you and lure you into double-clicking the attachment. Yes, it starts as a simple spam scam, but it doesn’t stop there.

The message says that you’ve just received “your” order confirmation. “What order?” you might think, and you would be right to ask, since you don’t remember placing any orders in the last couple of days.

What you don’t know at this point is that the “successful order” message is phony: it is not tied to any real order. It is just a scam that carries a deadly load instead of a receipt. Being always busy and constantly multitasking makes it easy to absent-mindedly take it for genuine.


Fig.1 Phony confirmation, phony receipt and Bredolab malware claiming to come from a legit online shop

Not recognizing the order, the date, the company or the sum of money are all hints that should persuade you not to open the attachment, because this e-mail has nothing to do with you.

Should you, however, click the link, then you are opening the second door towards malware: the payload, a.k.a. Gen:Variant.Bredo.21, a variant of the well-known Bredolab clan, a piece of malicious code I’ve been talking about in my previous blog posts.

Briefly, about the danger lurking in the attachment: this malware, mostly disguised as a Word® document, injects itself into various processes such as explorer.exe. Next it starts downloading rogue security programs that will generate an avalanche of pop-ups telling you that your PC is in danger and you need an AV to solve the situation, preferably a rogue antivirus that will eat through your credit card balance without disinfecting a single file.

The moral of this story is simple: never open e-mail attachments that come from unknown senders, especially when they claim to be greeting cards, security updates or purchase receipts. Look for suspicious signs (for instance, the mail subject refers to one order number, but the message body shows a different reference number) and keep your system safe with a fully-fledged antivirus such as the ones provided by BitDefender. If you’d like to enjoy your spring without worrying about the security of your system, make sure you grab a free 40-day trial of BitDefender Internet Security 2011 or our completely free TrafficLight, a fully-fledged online security solution.
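The two tell-tale signs named above, a subject line whose order number does not match the reference number in the body and an attachment that calls itself a receipt but is really a program, can be checked mechanically before anyone double-clicks. The script below is an added example and is not BitDefender’s or the author’s code; the two messages it screens are constructed for this example, and the regular expression, the extension list and the keyword list are assumptions chosen to illustrate the advice, not a description of the actual campaign.

```python
"""Heuristic screen for phony "order confirmation" mail.

Added example, not part of the original post and not BitDefender's code.
Both sample messages are constructed; the rules are assumptions drawn from
the advice in the text (mismatched reference numbers, an attachment that
poses as a receipt but carries an executable extension).
"""
import email
import re
from email import policy

# Constructed sample modelled on the kind of message described in the post.
SAMPLE_RAW = """\
From: "Online Shop" <orders@example.invalid>
To: victim@example.invalid
Subject: Your order #48211 has been processed
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain; charset="utf-8"

Thank you for your purchase. Reference number: 90377
Total: 327.50 USD. The receipt is attached.

--XX
Content-Type: application/octet-stream; name="receipt.doc.exe"
Content-Disposition: attachment; filename="receipt.doc.exe"
Content-Transfer-Encoding: base64

Q09OU1RSVUNURUQ=
--XX--
"""

# Constructed benign counterpart: numbers agree, attachment is a plain PDF.
CLEAN_RAW = """\
From: "Online Shop" <orders@example.invalid>
To: customer@example.invalid
Subject: Order 77001 confirmed
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="YY"

--YY
Content-Type: text/plain; charset="utf-8"

Order 77001 has shipped. Your receipt is attached.

--YY
Content-Type: application/pdf; name="receipt.pdf"
Content-Disposition: attachment; filename="receipt.pdf"
Content-Transfer-Encoding: base64

Q09OU1RSVUNURUQ=
--YY--
"""

# Assumed pattern: "order #123", "order no. 123", "reference number: 123" ...
ORDER_RE = re.compile(
    r"(?:order|reference)\s*(?:number|no\.?|#)?\s*:?\s*#?(\d{4,})", re.I)
# Assumed list of extensions that run code when double-clicked.
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Assumed lure words taken from the advice in the text.
LURE_WORDS = ("receipt", "invoice", "order", "card", "update")


def reference_numbers(text):
    """Return the set of order/reference numbers mentioned in text."""
    return set(ORDER_RE.findall(text or ""))


def attachment_findings(msg):
    """Flag attachments whose name hides an executable behind a document name."""
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        pieces = name.split(".")
        ext = "." + pieces[-1] if len(pieces) > 1 else ""
        if ext in RISKY_EXT:
            findings.append(f"executable attachment: {name}")
        if len(pieces) > 2:
            findings.append(f"double extension hides real type: {name}")
        if ext in RISKY_EXT and any(w in name for w in LURE_WORDS):
            findings.append(f"attachment posing as a document: {name}")
    return findings


def screen_message(raw):
    """Return a list of human-readable findings; empty means nothing suspicious."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    subj_refs = reference_numbers(msg["Subject"])
    body = msg.get_body(preferencelist=("plain", "html"))
    body_refs = reference_numbers(body.get_content() if body else "")
    # The sign the post points at: subject and body cite different numbers.
    if subj_refs and body_refs and subj_refs.isdisjoint(body_refs):
        findings.append(f"subject refers to {sorted(subj_refs)} "
                        f"but body refers to {sorted(body_refs)}")
    findings.extend(attachment_findings(msg))
    return findings


if __name__ == "__main__":
    for label, raw in (("suspicious", SAMPLE_RAW), ("clean", CLEAN_RAW)):
        print(label, "->", screen_message(raw) or "no findings")
```

The screen is deliberately simple: it does not inspect the attachment’s bytes, only the cues a careful reader would notice, so a mail gateway or a user-side filter can apply it cheaply, and a single finding is enough reason to leave the attachment unopened.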

About the author


A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.