brepibot.gen


We've been seeing a number of w32/brepibot.gen in our inbound email since noon today.

McAfee has a writeup on this virus here. McAfee updated their definitions on January 30th noting:


There were several mass-spammings of new Brepibot variants recently. The 4685 DAT files contain updated detection to cover the new variants. One example of a spammed message is as follows:

The emails I've seen have the following characteristics:
Subjects:
Photo
Photo Approval Needed
Campus Life
Photo Approval Required
Campus Life Article
FWD:Photo
Photo Approval Deadline
photo approval needed
Photo Approval
Requesting Photo Approval

Attachment:
Photo and Article.exe
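
One way to screen stored mail for the subject and attachment characteristics listed here, as an added example that is not part of the original post. The extension list, the FWD:/RE: prefix stripping and the `build_sample` helper are assumptions of this example, and the sample messages are constructed.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Indicators from the post. Subjects are compared case-insensitively after
# FWD:/RE: prefixes are stripped, which also covers the "FWD:Photo" variant.
SUBJECTS = {
    "photo", "photo approval needed", "campus life", "photo approval required",
    "campus life article", "photo approval deadline", "photo approval",
    "requesting photo approval",
}
ATTACHMENT = "photo and article.exe"
# Assumption: extensions treated as directly executable on Windows.
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
PREFIX = re.compile(r"^\s*((fwd?|re)\s*:\s*)+", re.IGNORECASE)

def normalize_subject(raw):
    """Drop reply/forward prefixes, lowercase, collapse whitespace."""
    return " ".join(PREFIX.sub("", raw or "").lower().split())

def check_message(raw_bytes):
    """Return the reasons a message matches; a subject hit alone is weak."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    if normalize_subject(msg["Subject"]) in SUBJECTS:
        reasons.append("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if name == ATTACHMENT:
            reasons.append("attachment-name")
        elif name.endswith(EXECUTABLE_EXT):
            reasons.append("executable-attachment")
    return reasons

def build_sample(subject, filename=None):
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Please review.")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(check_message(build_sample("FWD:Photo", "Photo and Article.exe")))
```

Because subjects such as "Photo" are common in legitimate mail, treat a message as a strong match only when a subject hit and an attachment hit occur together.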

Source IPs:


This page contains a single entry by Roger published on January 30, 2006 3:51 PM.
