Troj/Bredo-ABB, also detected as Gen:Variant.Barys.7136, is a dangerous Trojan that has recently been associated with a spam email campaign made up of fake email messages from Groupon. Groupon is a legitimate website that offers its members special deals and discounts on numerous retail products. However, the email messages carrying the Troj/Bredo-ABB Trojan have no relationship with Groupon. These fake Groupon email messages contain an attached ZIP file that infects your computer with the Troj/Bredo-ABB Trojan as soon as the ZIP file is opened. ESG malware analysts note that Trojans such as Troj/Bredo-ABB will usually establish a backdoor into the infected computer, which can then allow criminals to install all kinds of malware on the compromised computer. ESG security researchers consider a strong anti-spam filter for your email accounts an essential part of protecting your machine from Troj/Bredo-ABB, since it ensures that these malicious email messages never make it into your inbox in the first place. If you have been exposed to this malware infection, the use of a strong anti-malware application is recommended.
The Troj/Bredo-ABB’s Malicious Email Message
Computer users who have not protected their computers with anti-malware software, or who are using outdated anti-malware products, are at particular risk of a Troj/Bredo-ABB infection. There are numerous Trojans in the Bredo family, most of which are distributed in fraudulent email messages similar to the fake Groupon email message used in the Troj/Bredo-ABB scam. Criminals copy the formatting of real Groupon email messages closely, such as mentioning the Groupon promise, using the Groupon logo, and even including the Groupon mobile app. However, some characteristics of these malicious email messages should raise red flags immediately. Examples include numerous typos, such as the subject line ‘Groupon dicount gifts’, and the fact that the message requests the download of a compressed file, which would never be the case with a reputable company’s email offer.
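The red flags described above can be checked automatically at the mail gateway. The following is an added example, not code from ESG or from any anti-spam product: it flags the misspelled subject quoted on this page and any ZIP attachment, recognized by content as well as by file name. The function names, flag labels and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BRAND = "groupon"                               # brand impersonated in this campaign
KNOWN_BAD_SUBJECTS = {"groupon dicount gifts"}  # misspelled subject quoted on this page

def is_zip(part) -> bool:
    """ZIP by file name or by content, so a renamed archive is still caught."""
    name = (part.get_filename() or "").lower()
    data = part.get_payload(decode=True) or b""
    return name.endswith(".zip") or zipfile.is_zipfile(io.BytesIO(data))

def red_flags(raw: bytes) -> list:
    """Return the red flags found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    sender = str(msg["From"] or "").lower()
    flags = []
    if subject in KNOWN_BAD_SUBJECTS:
        flags.append("known-bad-subject")
    if any(is_zip(p) for p in msg.iter_attachments()):
        flags.append("zip-attachment")
        if BRAND in subject or BRAND in sender:
            flags.append("brand-offer-with-archive")
    return flags

def make_zip() -> bytes:
    """Constructed, harmless ZIP used only as sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("readme.txt", "constructed sample, not malware")
    return buf.getvalue()

def build_sample(subject: str, filename: str, payload: bytes) -> bytes:
    """Constructed message; addresses use the reserved .invalid TLD."""
    m = EmailMessage()
    m["From"] = "Groupon <deals@example.invalid>"
    m["To"] = "user@example.invalid"
    m["Subject"] = subject
    m.set_content("Your gift is attached.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(red_flags(build_sample("Groupon dicount gifts", "Gift.zip", make_zip())))
```

A message that raises these flags is a candidate for quarantine and anti-malware scanning; the flags alone do not identify Troj/Bredo-ABB.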
Preventing a Troj/Bredo-ABB Attack
To prevent a Troj/Bredo-ABB infection, follow basic email safety guidelines. A reputable company will never ask you to open an unsolicited email attachment, so messages that do this (such as these fake Groupon messages) should be deleted and flagged as spam on sight. All file attachments should be scanned with a reliable anti-malware scanner before downloading and, in fact, most reliable anti-malware products can be configured to do this automatically. Considering that Troj/Bredo-ABB first appeared in July of 2012, it is also important to update your anti-malware software frequently.
How Can You Detect Troj/Bredo-ABB?