Troj/Bredo-MY

By Sumo3000 in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 3
First Seen: December 8, 2011
Last Seen: March 13, 2021
OS(es) Affected: Windows

Troj/Bredo-MY is a Trojan designed to let a criminal take control of your computer remotely. Criminals typically use malware such as Troj/Bredo-MY to add infected computers to botnets, large networks of infected machines that can be directed to carry out coordinated criminal actions. Examples include sending out vast amounts of spam email and using thousands of computers to overload a specific company's server with requests. Troj/Bredo-MY has been associated with an email phishing scam that tries to trick victims into downloading the Trojan by making them believe it is a new license for InDesign, a popular publishing application released by Adobe Systems. Because of this, ESG security researchers strongly advise against opening attached files or clicking any embedded links contained in unsolicited email messages. It is important to understand that legitimate companies will never send out unsolicited email containing embedded links or email attachments.
 

How Troj/Bredo-MY's Email Phishing Scam Works

The fake message linked to Troj/Bredo-MY typically claims to contain a license key for InDesign. It is part of a series of malicious emails sent out in November 2011, all related to popular Adobe Systems products. Related spam email campaigns claim to contain updates for Adobe Acrobat Reader and other popular Adobe Systems software. The phishing email typically carries a subject line that simply says 'InDesign CS4 License Key', although there may be variants of this subject line. Just like the Adobe Acrobat Reader phishing scam, this fraudulent email contains a randomly numbered attachment which changes from one case to the next. The body simply urges the victim to explore all the possibilities offered by InDesign. By keeping the phishing email quite short, criminals avoid one of the most common pitfalls of fraudulent messages and phishing scams: writing that does not sound quite natural (since most of these phishing scams originate from countries such as the Russian Federation, Ukraine, Brazil or China). The file contained in this email is actually Troj/Bredo-MY. The Trojan is located within a file named 'License Key' followed by a random number, which is inside a download compressed in ZIP format (the compression prevents the user from viewing the contents of the file before downloading it).
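A mail-gateway check for the lure described above, as an added example that is not part of the original page: it reads ZIP member names without extracting anything and reports which indicators a message carries. The regular expressions, the function names and the sample message are assumptions; the page gives only the subject text and the 'License Key' plus random number naming, not the separator or file extension.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed patterns built from the page's description (subject text and member
# naming); the separators and optional extension are guesses, not page facts.
SUBJECT_RE = re.compile(r"license\s+key", re.I)
MEMBER_RE = re.compile(r"^license[ _-]?key[ _-]?\d+(\.\w+)?$", re.I)

def zip_member_names(payload: bytes) -> list:
    """List member names from ZIP bytes without extracting any content."""
    try:
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []

def score_message(raw: bytes) -> list:
    """Return the lure indicators found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        hits.append("subject")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not data.startswith(b"PK"):  # ZIP magic bytes, whatever the filename says
            continue
        hits.append("zip-attachment")
        for name in zip_member_names(data):
            base = name.rsplit("/", 1)[-1]
            if MEMBER_RE.match(base):
                hits.append("member:" + base)
    return hits

def build_sample(subject: str, member: str) -> bytes:
    """Constructed test message: a harmless text file zipped as an attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "placeholder text, not malware")
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = subject, "a@example.test", "b@example.test"
    msg.set_content("Explore all the possibilities offered by InDesign.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="attachment_12345.zip")  # constructed name
    return msg.as_bytes()

if __name__ == "__main__":
    print(score_message(build_sample("InDesign CS4 License Key", "License_Key_48213.txt")))
```

Because the page notes that the subject line has variants, treat the subject hit as a weak signal and the ZIP member name as the stronger one when tuning a quarantine rule.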
