FYI...

Bredolab botnet/trojan ...review
- http://labs.m86security.com/2010/12/...alware-review/
December 23, 2010 - "Two months ago the Authorities in the Netherlands announced a massive botnet takedown of Bredolab Trojan*. However, Bredolab Trojan is still spreading malware on users’ machines... Once the malware is executed, it copies itself to a temp folder and injects code into “svchost.exe” process. It then generates a key and sends basic information... The bot wraps up the data and sends it to the command and control server... Bredolab (unlike the Zeus Trojan) doesn’t have local configuration files pre-generated by the malware operator. The Trojan operates like a Trojan Dropper; it receives the malware, saves it on the hard disk or in the memory according to the Trojan operator, and then loads it... Once the malware is successfully installed on the victims’ machines, it becomes much more complicated for AV companies to detect any activity committed by Bredolab Trojan. Looking closely at the traffic sent from the server to the victim shows how the downloaded executable is encrypted in a unique way for -each- machine, rendering AV pattern detection useless... even though instances of Bredolab Trojan still can be found in the wild and used by cybercriminals, it is expected that it will gradually decrease over time*."
* http://www.securelist.com/en/analysi...redolab_Botnet
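The quoted write-up makes the point that per-machine encryption of the downloaded payload defeats signature matching, so the behaviour chain it describes (self-copy into a temp folder, injection into svchost.exe, then the injected svchost.exe talking to the C2) is what a defender is left to key on. The script below is an added example, not code from the post or from M86 Security Labs: it correlates that three-step chain over a handful of constructed Sysmon-style events. The event type names, field names, PIDs, paths and the 203.0.113.x destinations are all constructed for illustration and do not come from the article.

```python
"""
Added example (not from the post): correlate a dropper chain over constructed
process-telemetry events. Event/field names are assumed, Sysmon-like labels.
"""
import re

# Constructed sample events, in arrival order. Not real telemetry.
SAMPLE_EVENTS = [
    {"type": "ProcessCreate", "pid": 4120,
     "image": r"C:\Users\bob\Downloads\invoice.exe"},
    # step 1: the process writes an executable copy of itself into %TEMP%
    {"type": "FileCreate", "pid": 4120,
     "target": r"C:\Users\bob\AppData\Local\Temp\invoice.exe"},
    # step 2: it injects into an existing svchost.exe
    {"type": "CreateRemoteThread", "source_pid": 4120, "target_pid": 812,
     "target_image": r"C:\Windows\System32\svchost.exe"},
    # step 3: the injected svchost.exe opens an outbound connection
    {"type": "NetworkConnect", "pid": 812,
     "image": r"C:\Windows\System32\svchost.exe", "dest": "203.0.113.7:80"},
    # benign noise: an unrelated process and an uninjected svchost.exe
    {"type": "ProcessCreate", "pid": 5000,
     "image": r"C:\Windows\System32\notepad.exe"},
    {"type": "NetworkConnect", "pid": 900,
     "image": r"C:\Windows\System32\svchost.exe", "dest": "203.0.113.8:443"},
]

TEMP_DIR = re.compile(r"\\appdata\\local\\temp\\", re.IGNORECASE)
SVCHOST = re.compile(r"\\svchost\.exe$", re.IGNORECASE)


def correlate(events):
    """Return one finding per svchost.exe that (a) was injected by a process
    which had already dropped an .exe into a temp folder and (b) then made an
    outbound connection. Order matters: each step must follow the previous one."""
    temp_writers = set()   # PIDs that wrote an executable into a temp folder
    injected = {}          # injected svchost PID -> PID of the dropper that injected it
    findings = []
    for ev in events:
        kind = ev["type"]
        if (kind == "FileCreate" and TEMP_DIR.search(ev["target"])
                and ev["target"].lower().endswith(".exe")):
            temp_writers.add(ev["pid"])
        elif (kind == "CreateRemoteThread" and SVCHOST.search(ev["target_image"])
                and ev["source_pid"] in temp_writers):
            injected[ev["target_pid"]] = ev["source_pid"]
        elif kind == "NetworkConnect" and ev["pid"] in injected:
            findings.append({
                "dropper_pid": injected[ev["pid"]],
                "injected_pid": ev["pid"],
                "dest": ev["dest"],
            })
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_EVENTS):
        print(f"dropper pid {f['dropper_pid']} -> injected svchost pid "
              f"{f['injected_pid']} -> C2 {f['dest']}")
```

The design point is that none of the three conditions is a strong signal on its own (svchost.exe talks to the network constantly, and plenty of installers write to %TEMP%); the detection comes from requiring the chain in order and from tying the network event back to the specific svchost.exe instance that was injected. The unrelated svchost.exe connection in the sample (pid 900) is therefore not reported.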