Mal/BredoZp-B Description

Type: Adware

Mal/BredoZp-B is the detection name for a particular kind of phishing scam that, for a long time was related to the now defunct Bredo Botnet. A botnet is a large network of computer systems that have been infected with malware that allows criminals to take over thousands of computers simultaneously and turn them into zombies in order to carry out coordinated attacks. By using zombie computers, a criminal can send out massive quantities of spam email, launder money and hide other illegal activities or shut down a particular server by overwhelming it with requests. Mal/BredoZp-B is a common spam email scam that, for a long time, was associated with a famous botnet known as Bredo. Although the law enforcement managed to bring down the criminals responsible for Bredo, the email scam that they used to deliver malware to their victims is still well and alive.

Mal/BredoZp-B Impersonates Legitimate Courier Services

Criminals use Mal/BredoZp-B in order to make computer users believe that they have received a package or that there was a failure in delivery. Typically, these messages will include an attached file or embedded link, which leads to the actual malware infection. The most recent Mal/BredoZp-B attack was observed in March of 2012, but this scam has appeared several times in the past. There's been a particularly large attack in the summer of 2011 with emails impersonating such companies as DHL and FedEx.

The Current Mal/BredoZp-B Attack Uses a Fake Email from DHL

The current Mal/BredoZp-B attack takes the shape of an email that allegedly comes from DHL, a popular messenger company. The email message is particularly convincing, using a spoofed email address from the domain and, for once, a well written message without any spelling or grammatical mistakes (which are often the downfall of most computer criminals attempting to scam their victims with fake messages, applications, and emails). This email contains a supposed tracking number and, while the body changes from email to email, the main point of it will be to convince the victim to open an attached compressed archive in ZIP format. This file will usually be named something like: DHL-Express-Delivery-Notification-Details_03-2012_[Random tracker number].zip. The long file name is not a coincidence. It is proven that computer users are less likely to notice the ZIP extension because of the distraction that the long file name provides. The Mal/BredoZp-B attack is a very common way of sending out malicious spam email and has also been associated with other large botnets like the Zeus botnet.

Technical Information

File System Details

Mal/BredoZp-B creates the following file(s):
# File Name Detection Count
1 %AppData%\Upilve\upny.exe N/A
2 %AppData%\Ewafy\zizuy.tmp N/A

Registry Details

Mal/BredoZp-B creates the following registry entry or registry entries:
Registry key
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.