virus logo Virus

W32/Bredo.K!tr

description-logoAnalysis


  • It injects codes into the following process:
    • svchost.exe

  • It downloads files from the following URLs and executes them:
    • http://193.{Removed}.33/lol2.exe
    • http://193.{Removed}.33/pod.exe
    • http://193.{Removed}.33/spm.exe


recommended-action-logoRecommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

FortiGate
Extreme
FortiClient
Extended
FortiMail
Extended
FortiSandbox
Extended
FortiWeb
Extended
Web Application Firewall
Extended
FortiIsolator
Extended
FortiDeceptor
Extended
FortiEDR

Version Updates

Date Version Detail
2021-07-20 87.00765
2021-06-29 87.00261
2021-05-01 85.00869
2021-04-15 85.00468
2020-03-04 75.72300 Sig Updated
2019-12-20 73.94300 Sig Added
ID 2592322
Released Mar 24, 2011
Description
Updated		 Mar 31, 2011
Aliases Trojan.Win32.Sasfis.bfsv (KAV), Mal/Bredo-K (Sophos)
Platform Profile Win32 file format / PE 32 bit