Latest Surge of Malware Spam Comes From the Cutwail Botnet

(WEB HOST INDUSTRY REVIEW) — Business security services provider MessageLabs Intelligence (www.messagelabs.com) has seen a dramatic rise in the volume of the Bredolab Trojan being sent by the Cutwail (also known as Pandex) botnet. The Trojan gives its senders complete control of the target computer.

According to MessageLabs, the percentage of spam relating to the Bredolab Trojan has steadily increased in recent months, reaching its highest level in October. It currently accounts for 3.5 percent of all spam and 5.6 percent of all malware intercepted each day. So far in October, approximately 3.6 billion Bredolab malware emails are likely to be in circulation each day, worldwide.

Bredolab is a Trojan that arrives as a zip file attachment to an email whose subject refers to postal tracking numbers. The email prompts the recipient to open and run the attachment, which installs the Trojan. Once installed, it attempts to disable the host-based security software and then facilitates the download of other malicious content.

“By nature, once this Trojan is on a system, it is unlikely to be detected and will allow the controller to do whatever they wish with the infected machine, such as installing other malware and spyware,” Symantec MessageLabs Intelligence senior analyst Paul Wood said in a statement.

Currently, the most common file type among malicious attachments is the zip file, owing to the large scale of this latest threat. Zip files are a common format and have often been used to deliver malware in the past, but they are often used legitimately too. There is no indication that a zip attachment by itself makes a file more likely to be malicious; however, most businesses are unlikely to use zip files as part of their typical email correspondence.
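The two observable traits above (a zip attachment, and a subject that refers to a tracking number) are enough to build a simple mail-gateway triage check. The following is an added example, not code from MessageLabs or the article; the subject keywords, the extension list and the sample messages are constructed assumptions for illustration, and the zip is inspected in memory without extracting anything to disk.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed subject pattern: a delivery-themed word followed by a long digit run.
TRACKING_SUBJECT = re.compile(r"\b(tracking|shipment|parcel|delivery)\b.*\d{6,}", re.I)
# Assumed list of member extensions that should never arrive inside a "tracking" zip.
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")

def zip_executables(data: bytes) -> list[str]:
    """Return zip member names that look executable; reads the archive in memory only."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_EXT)]
    except zipfile.BadZipFile:
        return []

def assess_message(raw: bytes) -> dict:
    """Score one RFC 822 message using the traits described in the write-up."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = msg.get("Subject", "")
    zip_parts = [p for p in msg.iter_attachments()
                 if (p.get_filename() or "").lower().endswith(".zip")
                 or p.get_content_type() in ("application/zip", "application/x-zip-compressed")]
    executables = [n for p in zip_parts for n in zip_executables(p.get_payload(decode=True))]
    tracking = bool(TRACKING_SUBJECT.search(subject))
    return {
        "subject": subject,
        "zip_attachment": bool(zip_parts),
        "executable_in_zip": executables,
        "tracking_subject": tracking,
        # Quarantine when a zip carries an executable, or a tracking-themed mail carries any zip.
        "quarantine": bool(executables) or (tracking and bool(zip_parts)),
    }

def build_sample(subject: str, zip_member: str) -> bytes:
    """Constructed sample message with one zip attachment holding a harmless text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zip_member, b"placeholder content, not malware")
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = subject
    msg.set_content("Please see attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="attachment.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for subj, member in [("Your tracking number 9405511899", "tracking_9405511899.exe"),
                         ("Q3 invoices", "invoices_q3.pdf")]:
        print(assess_message(build_sample(subj, member)))
```

A gateway that does not want to block all zips outright can use the weaker "tracking subject plus zip" signal to route mail to a sandbox rather than quarantine.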

An accomplice to Bredolab, the Cutwail family of Trojans has been used to send bulk email. It downloads and executes files, either saving them to disk or injecting them into a newly created Internet Explorer process without ever writing them to disk.
