Bedep is a trojan that opens a backdoor on a compromised system, giving a malicious actor full control over the system and the ability to download additional malware. Once executed, Bedep can facilitate the theft of information or be used to perform click fraud, visiting specific websites for financial gain. According to Trend Micro, the Bedep trojan is also used to enlist infected systems into botnets for other malicious activities. Users are typically infected with Bedep through exposure to malicious advertising (malvertising) or exploit kits on compromised websites. When a user visits a webpage hosting a malvertisement, an exploit kit (EK) such as Angler or Hanjuan identifies a vulnerability on the user's machine, exploits it, and delivers Bedep. According to F-Secure, Bedep creates a hidden virtual desktop on the victim's computer, with an instance of Internet Explorer that is used to view unsolicited websites. Bedep has primarily targeted victims in the United States, followed by Japan.


Technical Details

  • Microsoft’s Malware Protection Center provides technical information on Bedep, available here.
  • Symantec provides technical information and recommendations to avoid Bedep, available here.

One example of the Bedep trojan infection chain. Image Source: Trend Micro