We’ve been seeing a number of w32/brepibot.gen in our inbound email since noon today.
McAfee has a writeup on this virus here. McAfee updated their definitions on January 30th noting:
There were several mass-spammings of new Brepibot variants recently. The 4685 DAT files contain updated detection to cover the new variants. One example of a spammed message is as follows:
The email’s I’ve seen have the following characteristics:
Subjects:
Photo
Photo Approval Needed
Campus Life
Photo Approval Required
Campus Life Article
FWD:Photo
Photo Approval Deadline
photo approval needed
Photo Approval
Requesting Photo Approval
Attachment:
Photo and Article.exe
Source IPs:
62.49.4.123
86.135.27.88
83.38.83.48
213.132.238.109
68.186.147.67
157.253.66.7
82.38.170.158
86.128.48.255
84.92.83.135
Related posts:
