Mal/BredoZp-B

Mal/BredoZp-B Description

Mal/BredoZp-B is the detection name for a particular kind of phishing scam that, for a long time was related to the now defunct Bredo Botnet. A botnet is a large network of computer systems that have been infected with malware that allows criminals to take over thousands of computers simultaneously and turn them into zombies in order to carry out coordinated attacks. By using zombie computers, a criminal can send out massive quantities of spam email, launder money and hide other illegal activities or shut down a particular server by overwhelming it with requests. Mal/BredoZp-B is a common spam email scam that, for a long time, was associated with a famous botnet known as Bredo. Although the law enforcement managed to bring down the criminals responsible for Bredo, the email scam that they used to deliver malware to their victims is still well and alive.

Mal/BredoZp-B Impersonates Legitimate Courier Services

Criminals use Mal/BredoZp-B in order to make computer users believe that they have received a package or that there was a failure in delivery. Typically, these messages will include an attached file or embedded link, which leads to the actual malware infection. The most recent Mal/BredoZp-B attack was observed in March of 2012, but this scam has appeared several times in the past. There's been a particularly large attack in the summer of 2011 with emails impersonating such companies as DHL and FedEx.

The Current Mal/BredoZp-B Attack Uses a Fake Email from DHL

The current Mal/BredoZp-B attack takes the shape of an email that allegedly comes from DHL, a popular messenger company. The email message is particularly convincing, using a spoofed email address from the dhl.be domain and, for once, a well written message without any spelling or grammatical mistakes (which are often the downfall of most computer criminals attempting to scam their victims with fake messages, applications, and emails). This email contains a supposed tracking number and, while the body changes from email to email, the main point of it will be to convince the victim to open an attached compressed archive in ZIP format. This file will usually be named something like: DHL-Express-Delivery-Notification-Details_03-2012_[Random tracker number].zip. The long file name is not a coincidence. It is proven that computer users are less likely to notice the ZIP extension because of the distraction that the long file name provides. The Mal/BredoZp-B attack is a very common way of sending out malicious spam email and has also been associated with other large botnets like the Zeus botnet.

Infected with Mal/BredoZp-B? Scan Your PC for Free

Download SpyHunter's Spyware Scanner
to Detect Mal/BredoZp-B
* SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

File System Details

Mal/BredoZp-B creates the following file(s):
# File Name
1 %AppData%\Upilve\upny.exe
2 %AppData%\Ewafy\zizuy.tmp

Registry Details

Mal/BredoZp-B creates the following registry entry or registry entries:
HKEY..\..\..\..{RegistryKeys}
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]

Site Disclaimer

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 9 + 13 ?