Mal/BredoZp-B

Posted: August 6, 2010

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	2/10
Infected PCs:	22

First Seen:	March 21, 2012
OS(es) Affected:	Windows

Mal/BredoZp-B is a generic label for malicious files that bear the characteristics of Trojans from the BredoZp family. Mal/BredoZp-B has been seen being distributed by several types of fraudulent e-mail 'spam' campaigns, including fake tracking notification messages. Since all known distribution methods for Mal/BredoZp-B require you to download and open an infected file attachment before Mal/BredoZp-Bcan be installed, SpywareRemove.com malware experts warn against any interaction with e-mail file attachments from unusual or suspicious sources as probable carriers of Mal/BredoZp-B and related PC threats. Mal/BredoZp-B is sometimes installed along with other Trojans and may also install malicious software according to its own parameters, which necessitates scanning your entire PC to remove Mal/BredoZp-B and any other PC threats that may be installed with Mal/BredoZp-B. As a Trojan, Mal/BredoZp-B will try to avoid detection and may violate your computer's security, and Mal/BredoZp-B should always be considered a danger to your PC until Mal/BredoZp-B is fully removed with an appropriate anti-malware application.

The E-Mail That Sends You Mal/BredoZp-B Instead of Informative News

While Mal/BredoZp-B may also be installed by other methods, its foremost distribution mechanic relies on e-mail spam. These mass-mailed e-mail messages include Mal/BredoZp-B and other PC threats, such as Mal/Zbot-FV, in the form of misnamed file attachments (usually as some form of fake .doc or .zip file). As long as you have competent anti-malware programs to protect your PC against malicious e-mail files, your computer should remain in little danger of being infected by Mal/BredoZp-B. However, SpywareRemove.com malware researchers warn that other than alerts that are triggered by your security software, Mal/BredoZp-B's installation may show few or no symptoms when it occurs.

The following example contains samples of potential subject lines and file names for a Mal/BredoZp-B-carrying e-mail, although Mal/BredoZp-B may also be distributed by e-mail messages that differ from this template:

Subject: DHL Tracking Notification ID: [random number]
From: "DHL International"

File Attachment: DHL-Express-Delivery-Notification-Details_03-2012_[Random id].zip

Other Mal/BredoZp-B e-mail templates include fraudulent YesAsia.com invoices and fake FDIC notifications. Successful installation of Mal/BredoZp-B requires only that you download and open the relevant file, which may also display a document or picture to distract you from the attack that's taking place. In some cases, your anti-malware programs may detect Mal/BredoZp-B repeatedly; this can be caused by your software detecting Mal/BredoZp-B in your e-mail client's cache, and can be resolved by deleting all spam email messages sent by Mal/BredoZp-B from your e-mail client.

Why You'll Want Your E-mail Client Locked Up Tight Against Mal/BredoZp-B Attacks

Even though Mal/BredoZp-B was first developed as an identifier in 2010, SpywareRemove.com malware analysts have noted updated to both Mal/BredoZp-B and its distribution tactics throughout the years. In general, it's always recommended for you to keep your anti-malware programs as updated as possible, which will keep your software's ability to detect new Mal/BredoZp-B variants at a high level. Since Mal/BredoZp-B is a general label for e-mail-distributed Trojans, some or all of the following issues can be caused by Mal/BredoZp-B while been installed:

Mal/BredoZp-B may allow criminals to control your PC through a backdoor exploit.
Mal/BredoZp-B may be used to install spyware, other Trojans, worms or additional types of PC threats.
Mal/BredoZp-B may alter your computer's security settings to make your PC more vulnerable than normal to future attacks. Typically, this includes evading your firewall by any of several means.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%AppData%\Ewafy\zizuy.tmp

File name: %AppData%\Ewafy\zizuy.tmp
File type: Temporary File
Mime Type: unknown/tmp
Group: Malware file

%AppData%\Upilve\upny.exe

File name: %AppData%\Upilve\upny.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\{CLSID Path}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3