Troj/Bredo-QI

By JubileeX in Trojans

Threat Scorecard

Ranking: 8,829
Threat Level: 20 % (Normal)
Infected Computers: 24,349
First Seen: February 29, 2012
Last Seen: September 1, 2023
OS(es) Affected: Windows

If you have noticed any sign of the Troj/Bredo-QI infection on your PC, ESG security analysts recommend the aid of an effective anti-malware program to scan and clean your computer system. The Troj/Bredo-QI Trojan is a dangerous Trojan downloader designed to carry out the following tasks:

  • Troj/Bredo-QI enters a victim's computer system without authorization, usually as part of a social engineering scam.
  • Troj/Bredo-QI then makes a change to the Windows Registry that allows Troj/Bredo-QI to start up automatically whenever Windows is launched.
  • Troj/Bredo-QI installs its executable file in the System folder and attempts to inject its malicious code into essential Windows processes.
  • Finally, Troj/Bredo-QI connects to a remote server located in the Russian Federation and attempts to download and install additional malware. The installed malware can vary depending on what the criminals are attempting to achieve. Troj/Bredo-QI in particular has been linked to a malware attack involving spy Trojans designed to steal banking information.

Troj/Bredo-QI is Closely Linked to a Phishing Email Scam

As of February 2012, there have been numerous reports of a phishing email scam that uses convincing email messages purporting to come from the RIAA. The scam email uses the subject 'Notification of Copyright Violation', and its body claims that the victim's IP address has been associated with distributing copyrighted material. The victim is then given two weeks to answer the email in order to avoid facing charges, and is urged to do so by downloading an attached file which supposedly will put them in contact with the RIAA. However, this attachment is not what the email claims: it actually consists of two Trojans, Troj/Bredo-QI and Troj/Agent-URP. ESG security researchers strongly advise ignoring these kinds of email notifications that threaten legal action or claim to come from law enforcement. While the legalese in such emails may sound authentic to inexperienced computer users, it has no grounding in reality. In fact, an email reporting copyright violations from the RIAA will never be sent directly to you, but to your ISP (Internet Service Provider), which would then forward the message to you. Even then, such messages will never require you to open an attached file, especially not an executable. Email scams are so common now that legitimate companies and institutions know better than to send attachments like the one associated with Troj/Bredo-QI.
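The lure described above combines a legal-threat pretext with an executable attachment, and a mail gateway can score both signals. The script below is an added example, not code from the original page or from ESG: it builds a constructed message modelled on the RIAA-themed email (placeholder `example.invalid` addresses, and an attachment whose bytes are just a made-up `MZ` header rather than any real file), parses it back from raw bytes as a gateway would, flags attachments that are executable by extension or by PE magic regardless of the name they carry, and counts legal-threat phrases in the subject and body before deciding whether to deliver, hold or quarantine.

```python
import email
import os
from email import policy
from email.message import EmailMessage
from typing import Dict, List, Tuple

# File extensions a mail gateway should treat as executable content.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar", ".msi"}
# Phrases typical of legal-threat lures; each match adds one point to the lure score.
LURE_PHRASES = ("copyright violation", "legal action", "charges", "notification", "law enforcement")


def build_sample_message() -> EmailMessage:
    """Constructed lure modelled on the RIAA-themed email; addresses are placeholders."""
    msg = EmailMessage()
    msg["From"] = "noreply@example.invalid"
    msg["To"] = "alice@example.invalid"
    msg["Subject"] = "Notification of Copyright Violation"
    msg.set_content(
        "Your IP address has been associated with distributing copyrighted material. "
        "Open the attached report within two weeks to avoid facing charges."
    )
    # Attachment named as a PDF but starting with the 'MZ' header of a Windows
    # executable (constructed placeholder bytes, not a real file).
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application", subtype="pdf",
                       filename="Violation_Report.pdf")
    return msg


def build_benign_message() -> EmailMessage:
    """Constructed ordinary message with a text attachment, for comparison."""
    msg = EmailMessage()
    msg["From"] = "bob@example.invalid"
    msg["To"] = "alice@example.invalid"
    msg["Subject"] = "Meeting notes"
    msg.set_content("Notes from today attached.")
    msg.add_attachment(b"Agenda item 1: budget\n", maintype="text", subtype="plain", filename="notes.txt")
    return msg


def parse_raw(raw: bytes) -> EmailMessage:
    """Parse raw RFC 5322 bytes the way a gateway receives them."""
    return email.message_from_bytes(raw, policy=policy.default)


def executable_attachments(msg: EmailMessage) -> List[Tuple[str, str]]:
    """Return (filename, reason) for each attachment that is executable by extension or by PE header."""
    found: List[Tuple[str, str]] = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name)[1].lower()
        if ext in EXECUTABLE_EXTENSIONS:
            found.append((name, "extension"))
        elif data[:2] == b"MZ":  # DOS/PE header: an executable whatever the name says
            found.append((name, "PE header"))
    return found


def lure_score(msg: EmailMessage) -> int:
    """Count legal-threat phrases in the subject and plain-text body."""
    body = msg.get_body(preferencelist=("plain",))
    text = ((msg["Subject"] or "") + " " + (body.get_content() if body else "")).lower()
    return sum(1 for phrase in LURE_PHRASES if phrase in text)


def assess(msg: EmailMessage) -> Dict[str, object]:
    """Gateway verdict: executables are quarantined, lure-heavy mail with attachments is held."""
    execs = executable_attachments(msg)
    score = lure_score(msg)
    has_attachment = any(True for _ in msg.iter_attachments())
    if execs:
        verdict = "quarantine"
    elif has_attachment and score >= 2:
        verdict = "hold for review"
    else:
        verdict = "deliver"
    return {"verdict": verdict, "executables": execs, "lure_score": score}


if __name__ == "__main__":
    for builder in (build_sample_message, build_benign_message):
        print(builder.__name__, assess(parse_raw(builder().as_bytes())))
```

The magic-byte check is the part worth keeping even if the phrase list is tuned away: a renamed executable still carries its `MZ` header, so it is caught without trusting the filename the sender chose.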

URLs

Troj/Bredo-QI may call the following URLs:

phoalard.net

1 Comment

Hello there! This article couldn't be written much better! Looking through this article reminds me of my previous roommate! He constantly kept preaching about this. I am going to send this article to him. Pretty sure he'll have a good read. Many thanks for sharing!
