Bredolab Botnet Still Active

More Tax Payment malware news today, with a resurgence of the Bredolab botnet.

Our MessageLabs Anti-Virus Service reported a suspicious email, similar to the one in yesterday's Tax Spam Malware Warning. The subject line was once again "Your Tax Payment ID [Random Number] is failed".

This time Symantec reported it as Trojan.Bredolab, which is likely a resurfacing of the Bredolab botnet.

The Bredolab botnet was partially dismantled in November 2010 through the seizure by Dutch law enforcement agents of 143 command and control servers, effectively removing the botnet herder’s ability to control the botnet centrally. Although the botnet’s size and capacity have been severely reduced by the law enforcement intervention.

A PC infected with Bredolab shows a number of effects as the malware:

  • Downloads more malware onto the compromised computer
  • Lowers the security settings on the infected computer
  • May result in file deletion

If your antivirus software or mail gateway informs you that it has detected Bredolab, follow its instructions and do not open any affected files. To make sure that your machine does not get infected, keep your antivirus software switched on and its signatures up to date.
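For mail administrators who want to check stored mail for the subject line quoted above, the following is an added example (not code from MessageLabs or Symantec) that flags matching messages and lists their attachment names for review. It assumes the "[Random Number]" part is a run of digits; the sample messages are constructed.

```python
import re
from email import message_from_string, policy

# Lure subject reported above; assumption: "[Random Number]" is a run of digits.
LURE = re.compile(r"\byour tax payment id\s+\d+\s+is failed\b", re.IGNORECASE)

def triage(raw_messages):
    """Return (index, decoded subject, attachment names) for each lure match."""
    hits = []
    for i, raw in enumerate(raw_messages):
        # policy.default unfolds headers and decodes RFC 2047 encoded-words,
        # so an encoded or line-wrapped subject cannot slip past the pattern.
        msg = message_from_string(raw, policy=policy.default)
        subject = " ".join(str(msg.get("Subject", "")).split())
        if LURE.search(subject):
            names = [p.get_filename() for p in msg.iter_attachments()
                     if p.get_filename()]
            hits.append((i, subject, names))
    return hits

# Constructed sample messages (not captured traffic).
SAMPLES = [
    # 0: plain subject, multipart message with a zip attachment
    'From: a@example.test\nSubject: Your Tax Payment ID 48213 is failed\n'
    'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
    '--b1\nContent-Type: text/plain\n\nSee attached.\n'
    '--b1\nContent-Type: application/zip\n'
    'Content-Disposition: attachment; filename="report.zip"\n'
    'Content-Transfer-Encoding: base64\n\nUEsFBg==\n--b1--\n',
    # 1: subject hidden in an RFC 2047 Q-encoded word
    'From: b@example.test\n'
    'Subject: =?utf-8?Q?Your_Tax_Payment_ID_7731_is_failed?=\n\nbody\n',
    # 2: subject folded across two header lines
    'From: c@example.test\nSubject: Your Tax Payment ID\n 90017 is failed\n\nbody\n',
    # 3: benign message that mentions tax payments
    'From: d@example.test\nSubject: Your tax payment receipt for 2011\n\nbody\n',
]

if __name__ == "__main__":
    for index, subject, attachments in triage(SAMPLES):
        print(index, subject, attachments)
```

A subject match is only a triage signal; the gateway or antivirus verdict remains the authority on whether a message carries Bredolab.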
