We’ve been seeing a number of w32/brepibot.gen in our inbound email since noon today.
McAfee has a writeup on this virus here. McAfee updated their definitions on January 30th noting:
There were several mass-spammings of new Brepibot variants recently. The 4685 DAT files contain updated detection to cover the new variants. One example of a spammed message is as follows:
The email’s I’ve seen have the following characteristics:
Photo Approval Needed
Campus Life
Photo Approval Required
Campus Life Article
Photo Approval Deadline
photo approval needed
Photo Approval
Requesting Photo Approval
Photo and Article.exe
Source IPs: