A new settings file – Bredolab spam continues (Feb 26, 2010)

The SonicWALL UTM Research team has continued to monitor and provide protection against the ongoing Bredolab spam, which switched to a new spam theme starting Wednesday, February 24, 2010. There has been a sharp increase in Bredolab spam campaigns since mid-February 2010, as covered in our previous SonicAlert, New Bredolab spam campaigns, and this week was no different.

SonicWALL has received more than 25,000 e-mail copies from the “new settings file” spam campaign. Like those of previous campaigns, the e-mail messages carry a zip-archived attachment that contains a new variant of the Bredolab Trojan executable. The sample e-mail format is shown below:

Campaign: A new settings file spam

Attachment: settings.zip (contains settings.exe)

Subject: A new settings file for the (random email address) has just be released

Email Body:
————————
Dear use of the (email domain) mailing service!

We are informing you that because of the security upgrade of the mailing service your mailbox (random email address) settings were changed. In order to apply the new set of settings open attached file.

Best regards, (email domain) Technical Support.
————————

The e-mail messages look like this:

[Screenshots of the spam e-mail messages]

SonicWALL has received more than 6 distinct variants of the settings.exe file so far. If a user extracts and executes one of these new Bredolab variants, it goes on to attempt to download FakeAV malware.
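As an added example that is not part of this SonicAlert, the following Python mail-filter check matches incoming messages against the indicators described above: the subject wording, the body phrases, and a zip attachment that carries an executable. The sender and recipient addresses and both test messages are constructed, and the settings.exe inside the test archive is a harmless stub.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Indicators taken from the SonicAlert: subject wording, body phrases, settings.zip -> settings.exe.
SUBJECT_RE = re.compile(r"new settings file for the \S+ has just be released", re.I)
BODY_PHRASES = ("security upgrade of the mailing service", "open attached file")

def zip_has_executable(data: bytes) -> bool:
    """True if the zip payload lists an executable member (e.g. settings.exe)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith((".exe", ".scr", ".pif")) for n in zf.namelist())
    except zipfile.BadZipFile:
        return False  # not a parsable archive; leave it to other checks

def score_message(raw: bytes) -> dict:
    """Match one raw RFC 5322 message against the campaign indicators."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    text = " ".join(p.get_content() for p in msg.walk()
                    if p.get_content_type() == "text/plain")
    body = re.sub(r"\s+", " ", text)  # collapse line wrapping before phrase matching
    zip_exe = any(zip_has_executable(p.get_payload(decode=True) or b"")
                  for p in msg.iter_attachments()
                  if (p.get_filename() or "").lower().endswith(".zip"))
    hits = {"subject": bool(SUBJECT_RE.search(str(msg.get("Subject", "")))),
            "body": all(ph in body for ph in BODY_PHRASES), "zip_with_exe": zip_exe}
    lure = hits["subject"] or hits["body"]  # lure text plus executable-in-zip = quarantine
    hits["verdict"] = "quarantine" if zip_exe and lure else "suspicious" if zip_exe else "pass"
    return hits

def build_sample(subject: str, body: str, with_zip: bool) -> bytes:
    """Constructed test message; the settings.exe inside is a harmless stub."""
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = subject, "support@example.com", "user@example.com"
    msg.set_content(body)
    if with_zip:
        with zipfile.ZipFile(buf := io.BytesIO(), "w") as zf:
            zf.writestr("settings.exe", b"MZ placeholder bytes, not a real binary")
        msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="settings.zip")
    return msg.as_bytes()

SPAM = build_sample("A new settings file for the user@example.com has just be released",
                    "Dear use of the example.com mailing service!\nWe are informing you that because "
                    "of the security upgrade of the mailing service your mailbox settings were changed.\n"
                    "In order to apply the new set of settings open attached file.\n", True)
CLEAN = build_sample("Lunch on Friday?", "Shall we meet at noon?\n", False)
```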

SonicWALL Gateway AntiVirus provides protection against this spam campaign via the following signatures:

  • GAV: Bredolab.CE_2 (Trojan) [11,924,540 hits recorded starting Feb 20, 2010]
  • GAV: Bredolab.BK_2 (Trojan) [6,004,226 hits recorded starting Feb 26, 2010]
  • GAV: Bredolab.BK (Trojan) [471 hits recorded starting Feb 26, 2010]
